aboutsummaryrefslogtreecommitdiffstats
path: root/main/openssl
Commit message (Collapse)AuthorAgeFilesLines
* main/openssl: security upgrade to 1.0.1d (CVE-2015-1793)Timo Teräs2015-07-092-26/+21
|
* main/openssl: upgrade to 1.0.2cTimo Teräs2015-06-152-130/+4
|
* main/openssl: security upgrade to 1.0.2bTimo Teräs2015-06-123-33/+134
| | | | | | | | CVE-2015-1788 Malformed ECParameters causes infinite loop CVE-2015-1789 Exploitable out-of-bounds read in X509_cmp_time CVE-2015-1790 PKCS7 crash with missing EnvelopedContent CVE-2015-1792 CMS verify infinite loop with unknown hash function CVE-2015-1791 Race condition handling NewSessionTicket
* main/openssl: fix rpath and turn off ssl compression by defaultTimo Teräs2015-03-277-20/+76
| | | | | System wide mitigation for CVE-2012-4929. While most affected programs turn off compression themselves, this is safer default.
* main/openssl: security upgrade to 1.0.2aTimo Teräs2015-03-193-77/+58
| | | | | | CVE-2015-0291, CVE-2015-0290, CVE-2015-0207, CVE-2015-0286, CVE-2015-0208, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-1787, CVE-2015-0285, CVE-2015-0209, CVE-2015-0288
* main/openssl: add missing patchesTimo Teräs2015-02-235-0/+1129
|
* main/openssl: upgrade to 1.0.2 and rebase all patchesTimo Teräs2015-02-2319-6411/+889
|
* main/openssl: upgrade to 1.0.1lNatanael Copa2015-01-191-4/+4
|
* main/openssl: security upgrade to 1.0.1kTimo Teräs2015-01-092-29/+19
| | | | | | | | | | | CVE-2014-3571 DTLS segmentation fault in dtls1_get_record CVE-2015-0206 DTLS memory leak in dtls1_buffer_record CVE-2014-3569 no-ssl3 configuration sets method to NULL CVE-2014-3572 ECDHE silently downgrades to ECDH [Client] CVE-2015-0204 RSA silently downgrades to EXPORT_RSA [Client] CVE-2015-0205 DH client certificates accepted without verification [Server] CVE-2014-8275 Certificate fingerprints can be modified CVE-2014-3570 Bignum squaring may produce incorrect results
* Revert "main/openssl: upgrade to 1.0.1k"Bartłomiej Piotrowski2015-01-081-4/+4
| | | | This reverts commit 9bb63edbc546e6253578e5050132c62839e84dff.
* main/openssl: upgrade to 1.0.1kBartłomiej Piotrowski2015-01-081-4/+4
|
* main/openssl: upgrade to 1.0.1jNatanael Copa2014-10-151-5/+5
|
* main/openssl: enable accelerated NIST P-224 and P-256 on x86_64Bartłomiej Piotrowski2014-10-121-3/+4
|
* main/openssl: fix man-pages properlyTimo Teräs2014-08-072-95/+49
| | | | | | | Failed to rebase the manpages patch properly. This removes the hunks that delete pages. Instead have the package script rename the affected man pages, and update the patch only to change the cross references of the conflicting man pages.
* main/openssl: remove conflicting man pagesTimo Teräs2014-08-071-2/+6
|
* main/openssl: security ugprade to 1.0.1i (multiple CVE)Timo Teräs2014-08-072-635/+7
| | | | | | | | | | | | CVE-2014-3508 Information leak in pretty printing functions CVE-2014-5139 Crash with SRP ciphersuite in Server Hello message CVE-2014-3509 Race condition in ssl_parse_serverhello_tlsext CVE-2014-3505 Double Free when processing DTLS packets CVE-2014-3506 DTLS memory exhaustion CVE-2014-3507 DTLS memory leak from zero-length fragments CVE-2014-3510 OpenSSL DTLS anonymous EC(DH) denial of service CVE-2014-3511 OpenSSL TLS protocol downgrade attack CVE-2014-3512 SRP buffer overrun
* main/openssl: security upgrade to 1.0.1h (multiple CVE)Timo Teräs2014-06-054-121/+11
| | | | | | | | | | Newly fixed CVEs: CVE-2014-0224 SSL/TLS MITM vulnerability CVE-2014-0221 DTLS recursion flaw CVE-2014-0195 DTLS invalid fragment vulnerability Previously fixed in Alpine by cherry picks: CVE-2014-0198 SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
* main/openssl: security fix to CVE-2014-0198Timo Teräs2014-05-292-1/+42
| | | | ref #2916
* main/openssl: fix use after free happening without freebufsTimo Teräs2014-04-112-4/+21
| | | | and it also happens with freebufs on multi-threaded programs.
* main/openssl: disable free(2) caching in ssl codeWilliam Pitcock2014-04-092-4/+22
| | | | | | | This code is dubious at best and also responsible for the heartbleed vulnerability being exposed in the first place. With the heartbleed test on a broken version, this results in a daemon crash instead of private key exposure. We add dummy padding to preserve ABI compatibility with older packages.
* main/openssl: upgrade to 1.0.1gTimo Teräs2014-04-071-4/+4
| | | | | - fix for CVE-2014-0160 - fix for CVE-2014-0076
* main/openssl: build fixesNatanael Copa2014-01-102-5/+346
| | | | | fixes parallel build and linking to dynamic libcrypto of c_rehash in case openssl-dev is not installed.
* main/openssl: security upgrade to 1.0.1fTimo Teräs2014-01-072-32/+5
| | | | | | | * Don't include gmt_unix_time in TLS server and client random values * Fix for TLS record tampering bug CVE-2013-4353 * Fix for TLS version checking bug CVE-2013-6449 * Fix for DTLS retransmission bug CVE-2013-6450
* main/openssl: fix musl build of c_rehash (missing include)Timo Teräs2014-01-032-3/+4
|
* main/openssl: rewrite c_rehash in C for speedTimo Teräs2013-12-313-165/+243
| | | | fixes #2533
* main/openssl: speed improvements for c_rehash.shTimo Teräs2013-12-262-83/+30
|
* main/openssl: don't use rdrand engine as defaultTimo Teräs2013-12-172-1/+28
| | | | As security measure, do not rely solely on hardware random source.
* main/openssl: fix makedepends for crosscompilingTimo Teräs2013-10-181-1/+3
|
* main/openssl: replace c_rehash perl script with shell scriptNatanael Copa2013-10-022-5/+223
| | | | | | from http://cvs.pld-linux.org/cgi-bin/viewvc.cgi/cvs/packages/openssl/openssl-c_rehash.sh ref #2266
* [all autotools packages]: normalize ./configureTimo Teräs2013-07-301-1/+2
|
* main/openssl: support crosscompiling, arm and muslTimo Teräs2013-07-082-2/+36
|
* main/openssl: fix openssl tools default CApathTimo Teräs2013-06-152-5/+111
| | | | Apply patch from openssl rt.
* main/openssl: update padlock sha1 patchTimo Teräs2013-03-052-5/+5
| | | | | | | | | Add EVP_MD_FLAG_PKEY_METHOD_SIGNATURE to padlock_sha1_md to fix DSA/SHA1 verification in certain cases. Seems that NID_sha1 instead of NID_dss is used sometimes incorrectly, and this seems to be the workaround regular SHA1 code does too. Suggested-by: Daniel Mansfield <daniel.mansfield@unsw.edu.au>
* main/openssl: upgrade to 1.0.1eNatanael Copa2013-02-122-81/+5
|
* main/openssl: fix regressionNatanael Copa2013-02-082-1/+95
| | | | http://marc.info/?t=136018837600003&r=1&w=2
* main/openssl: eglibc update verioned symbolsCarlo Landmeter2013-02-072-2/+57
|
* main/openssl: security upgrade to 1.0.1d ↵Natanael Copa2013-02-061-3/+3
| | | | | | (CVE-2013-0169,CVE-2012-2686,CVE-2013-0166) fixes #1591
* main/openssl: add versioned symbolsCarlo Landmeter2013-01-042-7/+4692
| | | | when building on eglibc we need versioned symbols
* main/openssl: add ircv3 tls-3.1 extension support to s_clientWilliam Pitcock2012-09-222-2/+60
|
* main/openssl: refresh hmac/oneshot and padlock patchesTimo Teräs2012-08-025-67/+83
| | | | | * fixed hmac oneshot flag to work as expected * renamed the patch series, and rebased against 1.0.1c
* main/openssl: fix padlock sha1/256 oneshot finalizing updateTimo Teräs2012-08-022-4/+4
| | | | | | We want to handle bytes upto next block boundary, to work with hardware from block boundary. The code incorrectly fed just the amount of bytes in the block.
* main/openssl: security upgrade to 1.0.1c (CVE-2012-2333)Natanael Copa2012-05-141-2/+2
| | | | | fixes #1151 (cherry picked from commit 1831053bb87f432f0d45ccd9f7a368fc885a1d64)
* main/openssl: upgrade to 1.0.1bNatanael Copa2012-04-261-2/+2
|
* main/openssl: security upgrade to 1.0.1a (CVE-2012-2110)Natanael Copa2012-04-231-2/+2
| | | | fixes #1107
* main/openssl: upgrade to 1.0.1Timo Teräs2012-03-283-398/+4
| | | | | | | Remove the unneeded 0002-apps-speed-fix; the speed utility can now measure evp speeds with -evp flag. Padlock autoloading patch is rebased.
* main/openssl: upgrade to 1.0.0hNatanael Copa2012-03-131-2/+2
|
* main/openssl: security upgrade to 1.0.0g (CVE-2012-0050)Natanael Copa2012-01-191-2/+2
| | | | fixes #935
* main/openssl: security upgrade to 1.0.0fNatanael Copa2012-01-051-2/+2
| | | | | | | | | | | CVE-2011-4108 CVE-2011-4109 CVE-2011-4576 CVE-2011-4577 CVE-2011-4619 CVE-2012-0027 fixes #893
* main/openssl: security upgrade to 1.0.0e (CVE-2011-3207, CVE-2011-3210)Natanael Copa2011-09-061-2/+2
|
* main/openssl: update to 1.0.0dTimo Teräs2011-02-091-2/+2
| | | | * contains security fix to CVE-2011-0014
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-08 21:47:32 +0000