d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
160,214 Commits 4 Branches 49 Tags 2 GiB
Commit Graph

67 Commits

Author SHA1 Message Date
simon
5868b7c961 Merge DTLS fixes from vendor-crypto/openssl/dist: 
- Fix memory consumption bug with "future epoch" DTLS records.
- Fix fragment handling memory leak.
- Do not access freed data structure.
- Fix DTLS fragment bug - out-of-sequence message handling which could
  result in NULL pointer dereference in
  dtls1_process_out_of_seq_message().

Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.

MFC after:	1 week
Security:	CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1387
 2009-08-23 16:29:47 +00:00
simon
5fb395764b Merge OpenSSL 0.9.8k into head. 
Approved by:	re
 2009-06-14 19:45:16 +00:00
simon
abe6016909 Prevent cross-site forgery attacks on lukemftpd(8) due to splitting 
long commands into multiple requests. [09:01]

Fix incorrect OpenSSL checks for malformed signatures due to invalid
check of return value from EVP_VerifyFinal(), DSA_verify, and
DSA_do_verify. [09:02]

Security:	FreeBSD-SA-09:01.lukemftpd
Security:	FreeBSD-SA-09:02.openssl
Obtained from:	NetBSD [SA-09:01]
Obtained from:	OpenSSL Project [SA-09:02]
Approved by:	so (simon)
 2009-01-07 20:17:55 +00:00
simon
64fcbc70db Flatten OpenSSL vendor tree. 2008-08-23 10:51:00 +00:00
simon
8f21bfc175 Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch. 
From the OpenSSL advisory:

	Andy Polyakov discovered a flaw in OpenSSL's DTLS
	implementation which could lead to the compromise of clients
	and servers with DTLS enabled.

	DTLS is a datagram variant of TLS specified in RFC 4347 first
	supported in OpenSSL version 0.9.8. Note that the
	vulnerabilities do not affect SSL and TLS so only clients and
	servers explicitly using DTLS are affected.

	We believe this flaw will permit remote code execution.

Security:	CVE-2007-4995
Security:	http://www.openssl.org/news/secadv_20071012.txt
 2007-10-18 20:19:33 +00:00
simon
efafc844b6 This commit was generated by cvs2svn to compensate for changes in r172767, 
which included commits to RCS files with non-trunk default branches.
 2007-10-18 20:19:33 +00:00
simon
6d467b2229 Correct a buffer overflow in OpenSSL SSL_get_shared_ciphers(). 
Security:	FreeBSD-SA-07:08.openssl
Approved by:	re (security blanket)
 2007-10-03 21:38:57 +00:00
simon
394ba190a3 Resolve conflicts after import of OpenSSL 0.9.8e. 2007-03-15 20:07:27 +00:00
simon
ee48ceb6a8 Vendor import of OpenSSL 0.9.8e. 2007-03-15 20:03:30 +00:00
simon
699a8581f9 This commit was generated by cvs2svn to compensate for changes in r167612, 
which included commits to RCS files with non-trunk default branches.
 2007-03-15 20:03:30 +00:00
simon
de193995a6 Resolve conflicts after import of OpenSSL 0.9.8d. 2006-10-01 07:46:16 +00:00
simon
387e65d767 Vendor import of OpenSSL 0.9.8d. 2006-10-01 07:38:44 +00:00
simon
b2881e9eb1 This commit was generated by cvs2svn to compensate for changes in r162911, 
which included commits to RCS files with non-trunk default branches.
 2006-10-01 07:38:44 +00:00
simon
e07cc0214a Resolve conflicts after import of OpenSSL 0.9.8b. 2006-07-29 19:14:51 +00:00
simon
fb3c70eda8 Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
simon
9159ca2b0e This commit was generated by cvs2svn to compensate for changes in r160814, 
which included commits to RCS files with non-trunk default branches.
 2006-07-29 19:10:21 +00:00
cperciva
45ad656456 Correct a man-in-the-middle SSL version rollback vulnerability. 
Security:	FreeBSD-SA-05:21.openssl
 2005-10-11 11:50:36 +00:00
nectar
3c8d7d9993 Remove files that are no longer part of OpenSSL from the vendor 
branch.  This time, these are mostly the `Makefile.ssl' files.
 2005-02-25 06:14:53 +00:00
nectar
0d4d2c2cec This commit was generated by cvs2svn to compensate for changes in r142430, 
which included commits to RCS files with non-trunk default branches.
 2005-02-25 06:14:53 +00:00
nectar
ced877b043 Resolve conflicts after import of OpenSSL 0.9.7e. 2005-02-25 05:49:44 +00:00
nectar
78a59572b3 Vendor import of OpenSSL 0.9.7e. 2005-02-25 05:39:05 +00:00
nectar
52bc459a40 This commit was generated by cvs2svn to compensate for changes in r142425, 
which included commits to RCS files with non-trunk default branches.
 2005-02-25 05:39:05 +00:00
nectar
a55ec1447a Clean up the OpenSSL vendor branch by removing files that are not 
part of recent releases.
 2005-02-25 05:25:37 +00:00
nectar
2283471bb5 Resolve conflicts after import of OpenSSL 0.9.7d. 2004-03-17 17:44:39 +00:00
nectar
0f095e8a2a Vendor import of OpenSSL 0.9.7d. 2004-03-17 15:49:33 +00:00
nectar
15b921d648 This commit was generated by cvs2svn to compensate for changes in r127128, 
which included commits to RCS files with non-trunk default branches.
 2004-03-17 15:49:33 +00:00
nectar
e8232d78ab Correct a denial-of-service vulnerability in OpenSSL (CAN-2004-0079). 
Obtained from:	OpenSSL CVS (http://cvs.openssl.org/chngview?cn=12033)
 2004-03-17 12:11:08 +00:00
nectar
5899dbda42 This commit was generated by cvs2svn to compensate for changes in r127114, 
which included commits to RCS files with non-trunk default branches.
 2004-03-17 12:11:08 +00:00
nectar
ee25ce74b3 Vendor import of OpenSSL 0.9.7c 2003-10-01 12:32:41 +00:00
nectar
d8e0ea4b40 This commit was generated by cvs2svn to compensate for changes in r120631, 
which included commits to RCS files with non-trunk default branches.
 2003-10-01 12:32:41 +00:00
jedgar
ad2b755e27 This commit was generated by cvs2svn to compensate for changes in r112439, 
which included commits to RCS files with non-trunk default branches.
 2003-03-20 20:41:45 +00:00
jedgar
5514cd4987 Import of PKCS #1 security fix. 
http://www.openssl.org/news/secadv_20030319.txt
 2003-03-20 20:41:45 +00:00
nectar
0fee824237 Resolve conflicts after import of OpenSSL 0.9.7a. 2003-02-19 23:24:16 +00:00
nectar
6c9986c446 Vendor import of OpenSSL 0.9.7a. 2003-02-19 23:17:42 +00:00
nectar
21bb0e5fa9 This commit was generated by cvs2svn to compensate for changes in r111147, 
which included commits to RCS files with non-trunk default branches.
 2003-02-19 23:17:42 +00:00
markm
3f245d6325 Merge conflicts. 
This is cunning doublespeak for "use vendor code".
 2003-01-28 22:34:21 +00:00
markm
aad1d64cb5 Vendor import of OpenSSL release 0.9.7. This release includes 
support for AES and OpenBSD's hardware crypto.
 2003-01-28 21:43:22 +00:00
markm
33af127a88 This commit was generated by cvs2svn to compensate for changes in r109998, 
which included commits to RCS files with non-trunk default branches.
 2003-01-28 21:43:22 +00:00
nectar
f779e835e5 Resolve conflicts. 2002-08-10 01:50:50 +00:00
nectar
c99c2264cb Import of OpenSSL 0.9.6f. 2002-08-10 01:46:10 +00:00
nectar
45bf128dcc This commit was generated by cvs2svn to compensate for changes in r101615, 
which included commits to RCS files with non-trunk default branches.
 2002-08-10 01:46:10 +00:00
nectar
9b13f71fee Resolve conflicts after import of OpenSSL 0.9.6e. 2002-07-30 13:58:53 +00:00
nectar
2f13e09165 Import of OpenSSL 0.9.6e. 2002-07-30 13:38:06 +00:00
nectar
9b2d850453 This commit was generated by cvs2svn to compensate for changes in r100936, 
which included commits to RCS files with non-trunk default branches.
 2002-07-30 13:38:06 +00:00
nectar
0518ae8674 Remove many obsolete files. The majority of these are simply no 
longer included as part of the OpenSSL distribution.  However, a few
we just don't need and are explicitly excluded in FREEBSD-Xlist.
 2002-07-30 12:51:09 +00:00
nectar
0aed2eea83 Import of OpenSSL 0.9.6d. 2002-07-30 12:44:15 +00:00
nectar
050218e0d0 This commit was generated by cvs2svn to compensate for changes in r100928, 
which included commits to RCS files with non-trunk default branches.
 2002-07-30 12:44:15 +00:00
kris
7b695f1ddd Resolve conflicts. 2002-01-27 03:17:13 +00:00
kris
1f8c2aa176 Initial import of OpenSSL 0.9.6c 2002-01-27 03:13:07 +00:00
kris
0b3d98771f This commit was generated by cvs2svn to compensate for changes in r89837, 
which included commits to RCS files with non-trunk default branches.
 2002-01-27 03:13:07 +00:00