Antonio Huete Jimenez [Sat, 26 Nov 2022 01:38:53 +0000 (02:38 +0100)]
vendor/LIBRESSL: Import LibreSSL 3.6.1
For a full list of changes:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.6-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.7-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.3.2-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.3.3-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.3.4-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.3.5-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.3.6-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.0-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.1-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.3-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.1-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.2-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.3-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.0-relnotes.txt
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.1-relnotes.txt
Daniel Fojt [Fri, 26 Mar 2021 12:41:25 +0000 (13:41 +0100)]
vendor/libressl: upgrade from 3.2.4 to 3.2.5
Fixes possible use-after-free caused by TLS client using session
resumption.
Daniel Fojt [Wed, 17 Feb 2021 18:29:12 +0000 (19:29 +0100)]
vendor/libressl: upgrade from 3.2.3 to 3.2.4
Bug and interoperability fixes:
* Switch back to certificate verification code from LibreSSL 3.1.x. The
  new verifier is not bug compatible with the old verifier causing issues
  with applications expecting behavior of the old verifier.
* Unbreak DTLS retransmissions for flights that include a CCS
* Only check BIO_should_read() on read and BIO_should_write() on write
* Implement autochain for the TLSv1.3 server
* Use the legacy verifier for autochain
* Implement exporter for TLSv1.3
* Free alert_data and phh_data in tls13_record_layer_free()
* Plug leak in x509_verify_chain_dup()
* Free the policy tree in x509_vfy_check_policy()
Daniel Fojt [Thu, 10 Dec 2020 17:13:07 +0000 (18:13 +0100)]
vendor/libressl: upgrade from 3.2.2 to 3.2.3
Fixes ASN.1 vulnerability (aka CVE-2020-1971):
* Malformed ASN.1 in a certificate revocation list or a timestamp
  response token can lead to a NULL pointer dereference
Daniel Fojt [Tue, 3 Nov 2020 18:37:17 +0000 (19:37 +0100)]
vendor/libressl: upgrade from 3.1.4 to 3.2.2
Summary of notable changes:
* new TLSv1.3 implementation enabled by default for both client
  and server
* new X509 certificate chain validator that correctly handles
  multiple paths through intermediate certificates
* new name constraints verification implementation which passes
  the bettertls.com certificate validation check suite
* numerous leaks and out-of-bounds write fixed
* many improvements, refactoring, optimizations and code cleanups
See ChangeLog for details.
Daniel Fojt [Fri, 11 Sep 2020 14:58:25 +0000 (16:58 +0200)]
vendor/libressl: upgrade from 3.1.3 to 3.1.4
Interoperability and bug fixes for the TLSv1.3 client:
* Improve client certificate selection to allow EC certificates
  instead of only RSA certificates.
* Do not error out if a TLSv1.3 server requests an OCSP response as
  part of a certificate request.
* Fix SSL_shutdown behavior to match the legacy stack. The previous
  behaviour could cause a hang.
* Fix a memory leak and add a missing error check in the handling of
  the key update message.
* Fix a memory leak in tls13_record_layer_set_traffic_key.
* Avoid calling freezero with a negative size if a server sends a
  malformed plaintext of all zeroes.
* Ensure that only PSS may be used with RSA in TLSv1.3 in order
  to avoid using PKCS1-based signatures.
* Add the P-521 curve to the list of curves supported by default
  in the client.
Daniel Fojt [Sat, 18 Jul 2020 07:42:07 +0000 (09:42 +0200)]
vendor/libressl: upgrade from 2.9.1 to 3.1.3
Summary of notable changes:
- fixed CVE-2019-1547 and CVE-2019-1563
- various side channels in DSA and ECDSA were addressed
- fixed PVK format output issue with openssl(1) dsa and rsa subcommand
- added cms subcommand to openssl(1)
- added -addext option to openssl(1) req subcommand
- added -groups option to openssl(1) s_server subcommand
- improved compatibility by backporting functionality and documentation
  from OpenSSL 1.1.1
- added RSA-PSS and RSA-OAEP methods from OpenSSL 1.1.1
- completed the port of RSA_METHOD accessors from the OpenSSL 1.1 API
- ported Cryptographic Message Syntax (CMS) implementation from OpenSSL
  1.1.1 and enabled by default
- completed initial TLS 1.3 implementation, TLS 1.3 is now enabled
  by default for the client side, with the server side to be enabled
  in a future release
- provided TLSv1.3 cipher suite aliases to match the names used
  in RFC 8446
For details see ChangeLog.
Sascha Wildner [Wed, 24 Apr 2019 17:49:43 +0000 (19:49 +0200)]
Add a missing manual page to LIBRESSL's vendor branch.
Maxim Ag [Sat, 20 Apr 2019 09:51:47 +0000 (12:51 +0300)]
Update LibreSSL from version 2.4.4 => 2.9.1
Submitted-by: Maxim + v2 update to 2.9.1 stable
John Marino [Fri, 13 Jan 2017 22:00:47 +0000 (16:00 -0600)]
Update LibreSSL from version 2.4.3 => 2.4.4
John Marino [Mon, 3 Oct 2016 19:23:51 +0000 (14:23 -0500)]
Update LibreSSL from version 2.4.2 => 2.4.3
John Marino [Tue, 6 Sep 2016 16:00:43 +0000 (11:00 -0500)]
Import LibreSSL v2.4.2 to vendor branch