path: root/main/openssl
Commit message | Author | Age | Files | Lines
* main/openssl: security upgrade to 1.0.1t | Timo Teräs | 2016-05-16 | 1 | -5/+5
    CVE-2016-2107 Prevent padding oracle in AES-NI CBC MAC check
    CVE-2016-2105 Fix EVP_EncodeUpdate overflow
    CVE-2016-2106 Fix EVP_EncryptUpdate overflow
    CVE-2016-2109 Prevent ASN.1 BIO excessive memory allocation
    CVE-2016-2176 EBCDIC overread
    fixes #5581
* main/openssl: security upgrade to 1.0.2g | Natanael Copa | 2016-03-01 | 1 | -4/+5
    CVE-2016-0800 [High severity]
    CVE-2016-0705 [Low severity]
    CVE-2016-0798 [Low severity]
    CVE-2016-0797 [Low severity]
    CVE-2016-0799 [Low severity]
    CVE-2016-0702 [Low severity]
    fixes #5210
* main/openssl: security upgrade to 1.0.1r | Timo Teräs | 2016-01-28 | 1 | -4/+4
    Fixes CVE-2015-3197
    (cherry picked from commit 82dae76b434b656e0fe9d8dffff5037059d25559)
* main/openssl: security release 1.0.1q | Christian Kampka | 2015-12-04 | 2 | -150/+137
* main/openssl: security upgrade to 1.0.1p (CVE-2015-1793) | Natanael Copa | 2015-07-09 | 2 | -30/+24
    (cherry picked from commit 8330e10563fb27e1dc811c982b76c782fb096104)
* main/openssl: upgrade to 1.0.1o | Timo Teräs | 2015-06-15 | 2 | -130/+4
    (cherry picked from commit 4ec73e4f66d25d92e336f1bf8e7ac80100a8b72c)
* main/openssl: upgrade to 1.0.0n | Timo Teräs | 2015-06-12 | 3 | -33/+134
    CVE-2015-1788 Malformed ECParameters causes infinite loop
    CVE-2015-1789 Exploitable out-of-bounds read in X509_cmp_time
    CVE-2015-1790 PKCS7 crash with missing EnvelopedContent
    CVE-2015-1792 CMS verify infinite loop with unknown hash function
    CVE-2015-1791 Race condition handling NewSessionTicket
    (cherry picked from commit 0c0f46aad82893010ebb45cd4e710b3ba9fc9af8)
* main/openssl: fix rpath and turn off ssl compression by default | Timo Teräs | 2015-03-28 | 7 | -18/+75
    System wide mitigation for CVE-2012-4929. While most affected programs turn off compression themselves, this is a safer default.
    (cherry picked from commit 5891af54e70fd91c02e6f8ab9b2059662b0ecfd4)
    (cherry picked from commit ac5c4e2e3e9221c51dfc317c9a79f9b5f04cb694)
* main/openssl: security upgrade to 1.0.1m | Timo Teräs | 2015-03-20 | 22 | -5593/+1118
    CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288
    all patches refreshed
    (cherry picked from commit fe6a6566db78dfcc252a6b38d6a54d9d1c1d6aa0)
* main/openssl: security upgrade to 1.0.1k | Timo Teräs | 2015-01-09 | 2 | -29/+19
    fixes #3685
    CVE-2014-3571 DTLS segmentation fault in dtls1_get_record
    CVE-2015-0206 DTLS memory leak in dtls1_buffer_record
    CVE-2014-3569 no-ssl3 configuration sets method to NULL
    CVE-2014-3572 ECDHE silently downgrades to ECDH [Client]
    CVE-2015-0204 RSA silently downgrades to EXPORT_RSA [Client]
    CVE-2015-0205 DH client certificates accepted without verification [Server]
    CVE-2014-8275 Certificate fingerprints can be modified
    CVE-2014-3570 Bignum squaring may produce incorrect results
    (cherry picked from commit 26dd384585d2182a35bd9450091726b6472b3b24)
* main/openssl: security upgrade to 1.0.1j (CVE-2014-3513,CVE-2014-3567,CVE-2014-3568) | Natanael Copa | 2014-10-16 | 1 | -5/+5
    fixes #3437
* main/openssl: security upgrade to 1.0.1i (multiple CVE) | Timo Teräs | 2014-08-07 | 2 | -687/+17
    CVE-2014-3508 Information leak in pretty printing functions
    CVE-2014-5139 Crash with SRP ciphersuite in Server Hello message
    CVE-2014-3509 Race condition in ssl_parse_serverhello_tlsext
    CVE-2014-3505 Double Free when processing DTLS packets
    CVE-2014-3506 DTLS memory exhaustion
    CVE-2014-3507 DTLS memory leak from zero-length fragments
    CVE-2014-3510 OpenSSL DTLS anonymous EC(DH) denial of service
    CVE-2014-3511 OpenSSL TLS protocol downgrade attack
    CVE-2014-3512 SRP buffer overrun
    (cherry picked from commit 9b2d3aa0289fc6e6f5fddca823337631d49cadf5)
    (cherry picked from commit d4f5d980c75fd5b13a60637aafa549f1407a85c8)
    (cherry picked from commit 7c34cd9c948a7bd20f05a136eaa9bec33c479849)
* main/openssl: security upgrade to 1.0.1h (multiple CVE) | Timo Teräs | 2014-06-05 | 4 | -121/+11
    Newly fixed CVEs:
    CVE-2014-0224 SSL/TLS MITM vulnerability
    CVE-2014-0221 DTLS recursion flaw
    CVE-2014-0195 DTLS invalid fragment vulnerability
    Previously fixed in Alpine by cherry picks:
    CVE-2014-0198 SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
    (cherry picked from commit c7c8818b7203c5ff58dd5f7d03f7e47cb681348d)
    fixes #2999
* main/openssl: security fix to CVE-2014-0198 | Timo Teräs | 2014-05-29 | 2 | -1/+42
    ref #2916
* main/openssl: fix use after free happening without freebufs | Timo Teräs | 2014-04-11 | 2 | -4/+21
    and it also happens with freebufs on multi-threaded programs.
* main/openssl: disable free(2) caching in ssl code | William Pitcock | 2014-04-09 | 2 | -4/+22
    This code is dubious at best and also responsible for the heartbleed vulnerability being exposed in the first place.
    With the heartbleed test on a broken version, this results in a daemon crash instead of private key exposure.
    We add dummy padding to preserve ABI compatibility with older packages.
* main/openssl: upgrade to 1.0.1g | Timo Teräs | 2014-04-07 | 1 | -4/+4
    - fix for CVE-2014-0160
    - fix for CVE-2014-0076
* main/openssl: build fixes | Natanael Copa | 2014-01-10 | 2 | -5/+346
    fixes parallel build and linking to dynamic libcrypto of c_rehash in case openssl-dev is not installed.
* main/openssl: security upgrade to 1.0.1f | Timo Teräs | 2014-01-07 | 2 | -32/+5
    * Don't include gmt_unix_time in TLS server and client random values
    * Fix for TLS record tampering bug CVE-2013-4353
    * Fix for TLS version checking bug CVE-2013-6449
    * Fix for DTLS retransmission bug CVE-2013-6450
* main/openssl: fix musl build of c_rehash (missing include) | Timo Teräs | 2014-01-03 | 2 | -3/+4
* main/openssl: rewrite c_rehash in C for speed | Timo Teräs | 2013-12-31 | 3 | -165/+243
    fixes #2533
* main/openssl: speed improvements for c_rehash.sh | Timo Teräs | 2013-12-26 | 2 | -83/+30
* main/openssl: don't use rdrand engine as default | Timo Teräs | 2013-12-17 | 2 | -1/+28
    As a security measure, do not rely solely on hardware random source.
* main/openssl: fix makedepends for crosscompiling | Timo Teräs | 2013-10-18 | 1 | -1/+3
* main/openssl: replace c_rehash perl script with shell script | Natanael Copa | 2013-10-02 | 2 | -5/+223
    from http://cvs.pld-linux.org/cgi-bin/viewvc.cgi/cvs/packages/openssl/openssl-c_rehash.sh
    ref #2266
* [all autotools packages]: normalize ./configure | Timo Teräs | 2013-07-30 | 1 | -1/+2
* main/openssl: support crosscompiling, arm and musl | Timo Teräs | 2013-07-08 | 2 | -2/+36
* main/openssl: fix openssl tools default CApath | Timo Teräs | 2013-06-15 | 2 | -5/+111
    Apply patch from openssl rt.
* main/openssl: update padlock sha1 patch | Timo Teräs | 2013-03-05 | 2 | -5/+5
    Add EVP_MD_FLAG_PKEY_METHOD_SIGNATURE to padlock_sha1_md to fix DSA/SHA1 verification in certain cases. Seems that NID_sha1 instead of NID_dss is used sometimes incorrectly, and this seems to be the workaround regular SHA1 code does too.
    Suggested-by: Daniel Mansfield <daniel.mansfield@unsw.edu.au>
* main/openssl: upgrade to 1.0.1e | Natanael Copa | 2013-02-12 | 2 | -81/+5
* main/openssl: fix regression | Natanael Copa | 2013-02-08 | 2 | -1/+95
    http://marc.info/?t=136018837600003&r=1&w=2
* main/openssl: eglibc update versioned symbols | Carlo Landmeter | 2013-02-07 | 2 | -2/+57
* main/openssl: security upgrade to 1.0.1d (CVE-2013-0169,CVE-2012-2686,CVE-2013-0166) | Natanael Copa | 2013-02-06 | 1 | -3/+3
    fixes #1591
* main/openssl: add versioned symbols | Carlo Landmeter | 2013-01-04 | 2 | -7/+4692
    when building on eglibc we need versioned symbols
* main/openssl: add ircv3 tls-3.1 extension support to s_client | William Pitcock | 2012-09-22 | 2 | -2/+60
* main/openssl: refresh hmac/oneshot and padlock patches | Timo Teräs | 2012-08-02 | 5 | -67/+83
    * fixed hmac oneshot flag to work as expected
    * renamed the patch series, and rebased against 1.0.1c
* main/openssl: fix padlock sha1/256 oneshot finalizing update | Timo Teräs | 2012-08-02 | 2 | -4/+4
    We want to handle bytes up to next block boundary, to work with hardware from block boundary. The code incorrectly fed just the amount of bytes in the block.
* main/openssl: security upgrade to 1.0.1c (CVE-2012-2333) | Natanael Copa | 2012-05-14 | 1 | -2/+2
    fixes #1151
    (cherry picked from commit 1831053bb87f432f0d45ccd9f7a368fc885a1d64)
* main/openssl: upgrade to 1.0.1b | Natanael Copa | 2012-04-26 | 1 | -2/+2
* main/openssl: security upgrade to 1.0.1a (CVE-2012-2110) | Natanael Copa | 2012-04-23 | 1 | -2/+2
    fixes #1107
* main/openssl: upgrade to 1.0.1 | Timo Teräs | 2012-03-28 | 3 | -398/+4
    Remove the unneeded 0002-apps-speed-fix; the speed utility can now measure evp speeds with -evp flag. Padlock autoloading patch is rebased.
* main/openssl: upgrade to 1.0.0h | Natanael Copa | 2012-03-13 | 1 | -2/+2
* main/openssl: security upgrade to 1.0.0g (CVE-2012-0050) | Natanael Copa | 2012-01-19 | 1 | -2/+2
    fixes #935
* main/openssl: security upgrade to 1.0.0f | Natanael Copa | 2012-01-05 | 1 | -2/+2
    CVE-2011-4108
    CVE-2011-4109
    CVE-2011-4576
    CVE-2011-4577
    CVE-2011-4619
    CVE-2012-0027
    fixes #893
* main/openssl: security upgrade to 1.0.0e (CVE-2011-3207, CVE-2011-3210) | Natanael Copa | 2011-09-06 | 1 | -2/+2
* main/openssl: update to 1.0.0d | Timo Teräs | 2011-02-09 | 1 | -2/+2
    * contains security fix to CVE-2011-0014
* Set all packages with arch="x86 x86_64" to arch="all". | William Pitcock | 2011-01-13 | 1 | -1/+1
* main/*: add arch | Natanael Copa | 2010-12-13 | 1 | -0/+1
* main/openssl: security update to 1.0.0c | Timo Teräs | 2010-12-03 | 1 | -2/+2
    - Fix for security issue CVE-2010-4180
    - Fix for CVE-2010-4252
    - Fix mishandling of absent EC point format extension.
    - Fix various platform compilation issues.
    - Corrected fix for security issue CVE-2010-3864.
* main/openssl: specify libdir | Natanael Copa | 2010-11-23 | 1 | -0/+1
    so we avoid /usr/lib64 on x86_64