| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2015-1788 Malformed ECParameters causes infinite loop
CVE-2015-1789 Exploitable out-of-bounds read in X509_cmp_time
CVE-2015-1790 PKCS7 crash with missing EnvelopedContent
CVE-2015-1792 CMS verify infinite loop with unknown hash function
CVE-2015-1791 Race condition handling NewSessionTicket
(cherry picked from commit 0c0f46aad82893010ebb45cd4e710b3ba9fc9af8)
Conflicts:
main/openssl/APKBUILD
|
|
|
|
| |
getauxval is not available, so don't use it.
|
|
|
|
|
|
|
|
| |
System wide mitigation for CVE-2012-4929. While most affected
programs turn off compression themselves, this is safer default.
(cherry picked from commit 5891af54e70fd91c02e6f8ab9b2059662b0ecfd4)
(cherry picked from commit ac5c4e2e3e9221c51dfc317c9a79f9b5f04cb694)
|
|
|
|
|
|
|
|
|
| |
CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293,
CVE-2015-0209, CVE-2015-0288
all patches refreshed
(cherry picked from commit fe6a6566db78dfcc252a6b38d6a54d9d1c1d6aa0)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fixes #3686
CVE-2014-3571 DTLS segmentation fault in dtls1_get_record
CVE-2015-0206 DTLS memory leak in dtls1_buffer_record
CVE-2014-3569 no-ssl3 configuration sets method to NULL
CVE-2014-3572 ECDHE silently downgrades to ECDH [Client]
CVE-2015-0204 RSA silently downgrades to EXPORT_RSA [Client]
CVE-2015-0205 DH client certificates accepted without verification [Server]
CVE-2014-8275 Certificate fingerprints can be modified
CVE-2014-3570 Bignum squaring may produce incorrect results
(cherry picked from commit 26dd384585d2182a35bd9450091726b6472b3b24)
Conflicts:
main/openssl/APKBUILD
|
|
|
|
|
|
| |
(CVE-2014-3513,CVE-2014-3567,CVE-2014-3568)
fixes #3436
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2014-3508 Information leak in pretty printing functions
CVE-2014-5139 Crash with SRP ciphersuite in Server Hello message
CVE-2014-3509 Race condition in ssl_parse_serverhello_tlsext
CVE-2014-3505 Double Free when processing DTLS packets
CVE-2014-3506 DTLS memory exhaustion
CVE-2014-3507 DTLS memory leak from zero-length fragments
CVE-2014-3510 OpenSSL DTLS anonymous EC(DH) denial of service
CVE-2014-3511 OpenSSL TLS protocol downgrade attack
CVE-2014-3512 SRP buffer overrun
(cherry picked from commit 9b2d3aa0289fc6e6f5fddca823337631d49cadf5)
(cherry picked from commit d4f5d980c75fd5b13a60637aafa549f1407a85c8)
(cherry picked from commit 7c34cd9c948a7bd20f05a136eaa9bec33c479849)
Conflicts:
main/openssl/APKBUILD
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Newly fixed CVEs:
CVE-2014-0224 SSL/TLS MITM vulnerability
CVE-2014-0221 DTLS recursion flaw
CVE-2014-0195 DTLS invalid fragment vulnerability
Previously fixed in Alpine by cherry picks:
CVE-2014-0198 SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
(cherry picked from commit c7c8818b7203c5ff58dd5f7d03f7e47cb681348d)
Conflicts:
main/openssl/APKBUILD
main/openssl/CVE-2010-5298.patch
fixes #2998
|
|
|
|
| |
fixes #2919
|
|
|
|
| |
fixes #2898
|
|
|
|
|
| |
- fix for CVE-2014-0160
- fix for CVE-2014-0076
|
|
|
|
|
|
|
|
|
| |
* Don't include gmt_unix_time in TLS server and client random values
* Fix for TLS record tampering bug CVE-2013-4353
* Fix for TLS version checking bug CVE-2013-6449
* Fix for DTLS retransmission bug CVE-2013-6450
(cherry picked from commit be0d0a4451a7e1bca824949ec8fd32e20a33c9f6)
|
|
|
|
|
|
| |
fixes #2533
(cherry picked from commit 94998965c2563e48e8ce172ac6b3a3db819740f8)
|
|
|
|
|
|
| |
As security measure, do not rely solely on hardware random source.
(cherry picked from commit 1fd915b81678c58d35bf63761c260efd5362a93d)
|
| |
|
|
|
|
|
|
| |
from http://cvs.pld-linux.org/cgi-bin/viewvc.cgi/cvs/packages/openssl/openssl-c_rehash.sh
ref #2266
|
| |
|
| |
|
|
|
|
| |
Apply patch from openssl rt.
|
|
|
|
|
|
|
|
|
| |
Add EVP_MD_FLAG_PKEY_METHOD_SIGNATURE to padlock_sha1_md to fix
DSA/SHA1 verification in certain cases. Seems that NID_sha1 instead
of NID_dss is used sometimes incorrectly, and this seems to be the
workaround regular SHA1 code does too.
Suggested-by: Daniel Mansfield <daniel.mansfield@unsw.edu.au>
|
| |
|
|
|
|
| |
http://marc.info/?t=136018837600003&r=1&w=2
|
| |
|
|
|
|
|
|
| |
(CVE-2013-0169,CVE-2012-2686,CVE-2013-0166)
fixes #1591
|
|
|
|
| |
when building on eglibc we need versioned symbols
|
| |
|
|
|
|
|
| |
* fixed hmac oneshot flag to work as expected
* renamed the patch series, and rebased against 1.0.1c
|
|
|
|
|
|
| |
We want to handle bytes upto next block boundary, to work with
hardware from block boundary. The code incorrectly fed just the
amount of bytes in the block.
|
|
|
|
|
| |
fixes #1151
(cherry picked from commit 1831053bb87f432f0d45ccd9f7a368fc885a1d64)
|
| |
|
|
|
|
| |
fixes #1107
|
|
|
|
|
|
|
| |
Remove the unneeded 0002-apps-speed-fix; the speed utility can now
measure evp speeds with -evp flag.
Padlock autoloading patch is rebased.
|
| |
|
|
|
|
| |
fixes #935
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2011-4108
CVE-2011-4109
CVE-2011-4576
CVE-2011-4577
CVE-2011-4619
CVE-2012-0027
fixes #893
|
| |
|
|
|
|
| |
* contains security fix to CVE-2011-0014
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
- Fix for security issue CVE-2010-4180
- Fix for CVE-2010-4252
- Fix mishandling of absent EC point format extension.
- Fix various platform compilation issues.
- Corrected fix for security issue CVE-2010-3864.
|
|
|
|
| |
so we avoid /usr/lib64 on x86_64
|
|
|
|
|
|
| |
* upgrade to 1.0.0b which has security fixes
* update patch which did not apply anymore
* delete patch merged upstream
|
| |
|
| |
|
|
|
|
| |
The new feature is support for VIA Nano Padlock in 64-bit mode.
|
|\
| |
| |
| |
| | |
Conflicts:
main/openssl/APKBUILD
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add new version of padlock patches which enable:
- limited support of VIA C7 SHA acceleration
- full support for VIA Nano SHA acceleration
Openssl HMAC core is also patched to take full performance out of
padlock. Speed application is updated for measuring hmac(sha1).
Padlock was moved to be dynamic engine in openssl-1.0.0. So add some
code that losfd automatically that engine.
|
| | |
|