d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
154,010 Commits 4 Branches 49 Tags 2 GiB
6a599222bb
Commit Graph

69 Commits

Author SHA1 Message Date
Simon L. B. Nielsen
6a599222bb Merge OpenSSL 0.9.8m into head. 
This also "reverts" some FreeBSD local changes so we should now
be back to using entirely stock OpenSSL.  The local changes were
simple $FreeBSD$ lines additions, which were required in the CVS
days, and the patch for FreeBSD-SA-09:15.ssl which has been
superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation
extension' support.

MFC after:	3 weeks
 2010-03-13 19:22:41 +00:00
Colin Percival
a235643007 Disable SSL renegotiation in order to protect against a serious 
protocol flaw. [09:15]

Correctly handle failures from unsetenv resulting from a corrupt
environment in rtld-elf. [09:16]

Fix permissions in freebsd-update in order to prevent leakage of
sensitive files. [09:17]

Approved by:	so (cperciva)
Security:	FreeBSD-SA-09:15.ssl
Security:	FreeBSD-SA-09:16.rtld
Security:	FreeBSD-SA-09:17.freebsd-udpate
 2009-12-03 09:18:40 +00:00
Simon L. B. Nielsen
2f1ff7669c Merge DTLS fixes from vendor-crypto/openssl/dist: 
- Fix memory consumption bug with "future epoch" DTLS records.
- Fix fragment handling memory leak.
- Do not access freed data structure.
- Fix DTLS fragment bug - out-of-sequence message handling which could
  result in NULL pointer dereference in
  dtls1_process_out_of_seq_message().

Note that this will not get FreeBSD Security Advisory as DTLS is
experimental in OpenSSL.

MFC after:	1 week
Security:	CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1387
 2009-08-23 16:29:47 +00:00
Simon L. B. Nielsen
db522d3ae4 Merge OpenSSL 0.9.8k into head. 
Approved by:	re
 2009-06-14 19:45:16 +00:00
Simon L. B. Nielsen
8978d9e7ef Prevent cross-site forgery attacks on lukemftpd(8) due to splitting 
long commands into multiple requests. [09:01]

Fix incorrect OpenSSL checks for malformed signatures due to invalid
check of return value from EVP_VerifyFinal(), DSA_verify, and
DSA_do_verify. [09:02]

Security:	FreeBSD-SA-09:01.lukemftpd
Security:	FreeBSD-SA-09:02.openssl
Obtained from:	NetBSD [SA-09:01]
Obtained from:	OpenSSL Project [SA-09:02]
Approved by:	so (simon)
 2009-01-07 20:17:55 +00:00
Simon L. B. Nielsen
c4a78426be Flatten OpenSSL vendor tree. 2008-08-23 10:51:00 +00:00
Simon L. B. Nielsen
a0ddfe4e72 Import DTLS security fix from upstream OpenSSL_0_9_8-stable branch. 
From the OpenSSL advisory:

	Andy Polyakov discovered a flaw in OpenSSL's DTLS
	implementation which could lead to the compromise of clients
	and servers with DTLS enabled.

	DTLS is a datagram variant of TLS specified in RFC 4347 first
	supported in OpenSSL version 0.9.8. Note that the
	vulnerabilities do not affect SSL and TLS so only clients and
	servers explicitly using DTLS are affected.

	We believe this flaw will permit remote code execution.

Security:	CVE-2007-4995
Security:	http://www.openssl.org/news/secadv_20071012.txt
 2007-10-18 20:19:33 +00:00
Simon L. B. Nielsen
a87abab4b0 This commit was generated by cvs2svn to compensate for changes in r172767, 
which included commits to RCS files with non-trunk default branches.
 2007-10-18 20:19:33 +00:00
Simon L. B. Nielsen
ec4b528c4a Correct a buffer overflow in OpenSSL SSL_get_shared_ciphers(). 
Security:	FreeBSD-SA-07:08.openssl
Approved by:	re (security blanket)
 2007-10-03 21:38:57 +00:00
Simon L. B. Nielsen
1d1b15c8bf Resolve conflicts after import of OpenSSL 0.9.8e. 2007-03-15 20:07:27 +00:00
Simon L. B. Nielsen
5471f83ea7 Vendor import of OpenSSL 0.9.8e. 2007-03-15 20:03:30 +00:00
Simon L. B. Nielsen
03b688114f This commit was generated by cvs2svn to compensate for changes in r167612, 
which included commits to RCS files with non-trunk default branches.
 2007-03-15 20:03:30 +00:00
Simon L. B. Nielsen
74608424ab Resolve conflicts after import of OpenSSL 0.9.8d. 2006-10-01 07:46:16 +00:00
Simon L. B. Nielsen
ed5d4f9a94 Vendor import of OpenSSL 0.9.8d. 2006-10-01 07:38:44 +00:00
Simon L. B. Nielsen
02d3319f28 This commit was generated by cvs2svn to compensate for changes in r162911, 
which included commits to RCS files with non-trunk default branches.
 2006-10-01 07:38:44 +00:00
Simon L. B. Nielsen
09bf29a41f Resolve conflicts after import of OpenSSL 0.9.8b. 2006-07-29 19:14:51 +00:00
Simon L. B. Nielsen
3b4e3dcb9f Vendor import of OpenSSL 0.9.8b 2006-07-29 19:10:21 +00:00
Simon L. B. Nielsen
f6ab039488 This commit was generated by cvs2svn to compensate for changes in r160814, 
which included commits to RCS files with non-trunk default branches.
 2006-07-29 19:10:21 +00:00
Colin Percival
51ce0d091c Correct a man-in-the-middle SSL version rollback vulnerability. 
Security:	FreeBSD-SA-05:21.openssl
 2005-10-11 11:50:36 +00:00
Jacques Vidrine
a37fa6607a Remove files that are no longer part of OpenSSL from the vendor 
branch.  This time, these are mostly the `Makefile.ssl' files.
 2005-02-25 06:14:53 +00:00
Jacques Vidrine
3c96cf2e8b This commit was generated by cvs2svn to compensate for changes in r142430, 
which included commits to RCS files with non-trunk default branches.
 2005-02-25 06:14:53 +00:00
Jacques Vidrine
5203f6dc3a Resolve conflicts after import of OpenSSL 0.9.7e. 2005-02-25 05:49:44 +00:00
Jacques Vidrine
6be8ae0724 Vendor import of OpenSSL 0.9.7e. 2005-02-25 05:39:05 +00:00
Jacques Vidrine
eb8fd19957 This commit was generated by cvs2svn to compensate for changes in r142425, 
which included commits to RCS files with non-trunk default branches.
 2005-02-25 05:39:05 +00:00
Jacques Vidrine
01c0bb1d8a Clean up the OpenSSL vendor branch by removing files that are not 
part of recent releases.
 2005-02-25 05:25:37 +00:00
Jacques Vidrine
902aa2e784 Resolve conflicts after import of OpenSSL 0.9.7d. 2004-03-17 17:44:39 +00:00
Jacques Vidrine
ced566fd0b Vendor import of OpenSSL 0.9.7d. 2004-03-17 15:49:33 +00:00
Jacques Vidrine
8f1200ff6f This commit was generated by cvs2svn to compensate for changes in r127128, 
which included commits to RCS files with non-trunk default branches.
 2004-03-17 15:49:33 +00:00
Jacques Vidrine
81ac585294 Correct a denial-of-service vulnerability in OpenSSL (CAN-2004-0079). 
Obtained from:	OpenSSL CVS (http://cvs.openssl.org/chngview?cn=12033)
 2004-03-17 12:11:08 +00:00
Jacques Vidrine
1612471010 This commit was generated by cvs2svn to compensate for changes in r127114, 
which included commits to RCS files with non-trunk default branches.
 2004-03-17 12:11:08 +00:00
Jacques Vidrine
50ef009353 Vendor import of OpenSSL 0.9.7c 2003-10-01 12:32:41 +00:00
Jacques Vidrine
8ae0780c3a This commit was generated by cvs2svn to compensate for changes in r120631, 
which included commits to RCS files with non-trunk default branches.
 2003-10-01 12:32:41 +00:00
Chris D. Faulhaber
35f304853f This commit was generated by cvs2svn to compensate for changes in r112439, 
which included commits to RCS files with non-trunk default branches.
 2003-03-20 20:41:45 +00:00
Chris D. Faulhaber
8786792504 Import of PKCS #1 security fix. 
http://www.openssl.org/news/secadv_20030319.txt
 2003-03-20 20:41:45 +00:00
Jacques Vidrine
def0b8c9c5 Resolve conflicts after import of OpenSSL 0.9.7a. 2003-02-19 23:24:16 +00:00
Jacques Vidrine
fceca8a377 Vendor import of OpenSSL 0.9.7a. 2003-02-19 23:17:42 +00:00
Jacques Vidrine
015ec3c905 This commit was generated by cvs2svn to compensate for changes in r111147, 
which included commits to RCS files with non-trunk default branches.
 2003-02-19 23:17:42 +00:00
Mark Murray
bff3688511 Merge conflicts. 
This is cunning doublespeak for "use vendor code".
 2003-01-28 22:34:21 +00:00
Mark Murray
5c87c606cd Vendor import of OpenSSL release 0.9.7. This release includes 
support for AES and OpenBSD's hardware crypto.
 2003-01-28 21:43:22 +00:00
Mark Murray
5bd38a39ed This commit was generated by cvs2svn to compensate for changes in r109998, 
which included commits to RCS files with non-trunk default branches.
 2003-01-28 21:43:22 +00:00
Jacques Vidrine
fd35706acb Resolve conflicts. 2002-08-10 01:50:50 +00:00
Jacques Vidrine
484549566e Import of OpenSSL 0.9.6f. 2002-08-10 01:46:10 +00:00
Jacques Vidrine
d96a831475 This commit was generated by cvs2svn to compensate for changes in r101615, 
which included commits to RCS files with non-trunk default branches.
 2002-08-10 01:46:10 +00:00
Jacques Vidrine
d57327ee50 Resolve conflicts after import of OpenSSL 0.9.6e. 2002-07-30 13:58:53 +00:00
Jacques Vidrine
4f20a5a274 Import of OpenSSL 0.9.6e. 2002-07-30 13:38:06 +00:00
Jacques Vidrine
0f881ddd5e This commit was generated by cvs2svn to compensate for changes in r100936, 
which included commits to RCS files with non-trunk default branches.
 2002-07-30 13:38:06 +00:00
Jacques Vidrine
018cd73f8c Remove many obsolete files. The majority of these are simply no 
longer included as part of the OpenSSL distribution.  However, a few
we just don't need and are explicitly excluded in FREEBSD-Xlist.
 2002-07-30 12:51:09 +00:00
Jacques Vidrine
c1803d7836 Import of OpenSSL 0.9.6d. 2002-07-30 12:44:15 +00:00
Jacques Vidrine
0135f0027c This commit was generated by cvs2svn to compensate for changes in r100928, 
which included commits to RCS files with non-trunk default branches.
 2002-07-30 12:44:15 +00:00
Kris Kennaway
c21ce79893 Resolve conflicts. 2002-01-27 03:17:13 +00:00