dragonfly.git
7 weeks agoImport OpenSSL-1.0.1h. vendor/OPENSSL
Sascha Wildner [Fri, 6 Jun 2014 15:48:23 +0000 (17:48 +0200)]
Import OpenSSL-1.0.1h.

* Fixes for CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-3470
* Harmonize version and its documentation
* Fix eckey_priv_encode so it immediately returns an error upon a
    failure in i2d_ECPrivateKey
* Fix some double frees. These are not thought to be exploitable.

See also http://www.openssl.org/news/secadv_20140605.txt

Submitted-by: Robin Hahling <robin.hahling@gw-computing.net>
3 months agoImport OpenSSL-1.0.1g.
Peter Avalos [Tue, 8 Apr 2014 00:59:53 +0000 (17:59 -0700)]
Import OpenSSL-1.0.1g.

o Fix for CVE-2014-0160
o Add TLS padding extension workaround for broken servers.
o Fix for CVE-2014-0076
o Don't include gmt_unix_time in TLS server and client random values
o Fix for TLS record tampering bug CVE-2013-4353
o Fix for TLS version checking bug CVE-2013-6449
o Fix for DTLS retransmission bug CVE-2013-6450

17 months agoImport OpenSSL-1.0.1e.
Peter Avalos [Wed, 13 Feb 2013 17:15:43 +0000 (09:15 -0800)]
Import OpenSSL-1.0.1e.

o Corrected fix for CVE-2013-0169.

17 months agoImport OpenSSL-1.0.1d.
Peter Avalos [Sun, 10 Feb 2013 09:23:52 +0000 (01:23 -0800)]
Import OpenSSL-1.0.1d.

      o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
      o Fix OCSP bad key DoS attack CVE-2013-0166
      o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
      o Fix for TLS AESNI record handling flaw CVE-2012-2686

2 years agoImport OpenSSL-1.0.1c.
Peter Avalos [Sun, 13 May 2012 19:47:02 +0000 (12:47 -0700)]
Import OpenSSL-1.0.1c.

  o Fix TLS/DTLS record length checking bug CVE-2012-2333

2 years agoImport OpenSSL-1.0.1b.
Peter Avalos [Fri, 27 Apr 2012 19:35:59 +0000 (12:35 -0700)]
Import OpenSSL-1.0.1b.

      o Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
      o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0

2 years agoImport OpenSSL-1.0.1a.
Peter Avalos [Sat, 21 Apr 2012 03:33:46 +0000 (20:33 -0700)]
Import OpenSSL-1.0.1a.

o Fix for ASN1 overflow bug CVE-2012-2110.
o Workarounds for some servers that hang on long client hellos.
o Fix SEGV in AES code.

2 years agoBring in the krb5 module in OpenSSL.
Peter Avalos [Tue, 10 Apr 2012 16:57:21 +0000 (09:57 -0700)]
Bring in the krb5 module in OpenSSL.

Even though we don't have Kerberos5 in base, we should still be
installing the krb5_asn.h header.

2 years agoImport OpenSSL-1.0.1.
Peter Avalos [Sun, 25 Mar 2012 17:44:51 +0000 (10:44 -0700)]
Import OpenSSL-1.0.1.

  Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1:

      o TLS/DTLS heartbeat support.
      o SCTP support.
      o RFC 5705 TLS key material exporter.
      o RFC 5764 DTLS-SRTP negotiation.
      o Next Protocol Negotiation.
      o PSS signatures in certificates, requests and CRLs.
      o Support for password based recipient info for CMS.
      o Support TLS v1.2 and TLS v1.1.
      o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
      o SRP support.

  Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h:

      o Fix for CMS/PKCS#7 MMA CVE-2012-0884
      o Corrected fix for CVE-2011-4619
      o Various DTLS fixes.

2 years agoImport OpenSSL-1.0.0g.
Peter Avalos [Fri, 20 Jan 2012 00:11:16 +0000 (16:11 -0800)]
Import OpenSSL-1.0.0g.

o Fix for DTLS DoS issue CVE-2012-0050

2 years agoImport OpenSSL-1.0.0f.
Peter Avalos [Thu, 5 Jan 2012 00:06:12 +0000 (16:06 -0800)]
Import OpenSSL-1.0.0f.

      o Fix for DTLS plaintext recovery attack CVE-2011-4108
      o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
      o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
      o Check parameters are not NULL in GOST ENGINE CVE-2012-0027
      o Check for malformed RFC3779 data CVE-2011-4577

2 years agoImport OpenSSL-1.0.0e.
Peter Avalos [Wed, 21 Sep 2011 00:22:53 +0000 (17:22 -0700)]
Import OpenSSL-1.0.0e.

      o Fix for CRL vulnerability issue CVE-2011-3207
      o Fix for ECDH crashes CVE-2011-3210
      o Protection against EC timing attacks.
      o Support ECDH ciphersuites for certificates using SHA2 algorithms.
      o Various DTLS fixes.

3 years agoImport OpenSSL-1.0.0d.
Peter Avalos [Wed, 9 Feb 2011 04:59:57 +0000 (18:59 -1000)]
Import OpenSSL-1.0.0d.

3 years agoImport OpenSSL-1.0.0c.
Peter Avalos [Sun, 12 Dec 2010 00:08:43 +0000 (14:08 -1000)]
Import OpenSSL-1.0.0c.

3 years agoAdd files to OpenSSL that will generate optimized asm code.
Peter Avalos [Sun, 21 Nov 2010 05:49:12 +0000 (19:49 -1000)]
Add files to OpenSSL that will generate optimized asm code.

3 years agoImport OpenSSL-1.0.0b.
Peter Avalos [Thu, 18 Nov 2010 05:41:45 +0000 (19:41 -1000)]
Import OpenSSL-1.0.0b.

This primarily fixes CVE-2010-3864 and CVE-2010-2939.

3 years agoImport OpenSSL-1.0.0a.
Peter Avalos [Wed, 22 Sep 2010 11:21:58 +0000 (01:21 -1000)]
Import OpenSSL-1.0.0a.

4 years agoImport OpenSSL-0.9.8m.
Peter Avalos [Sun, 28 Feb 2010 00:07:00 +0000 (00:07 +0000)]
Import OpenSSL-0.9.8m.

This new OpenSSL version is a security and bugfix release which
implements RFC5746 to address renegotiation vulnerabilities mentioned in
CVE-2009-3555. For a complete list of changes, please see the CHANGES
file.

4 years agoRemove README.DRAGONFLY from vendor branch
Aggelos Economopoulos [Wed, 11 Nov 2009 10:47:52 +0000 (10:47 +0000)]
Remove README.DRAGONFLY from vendor branch

4 years agoImport OpenSSL 0.9.8l
Aggelos Economopoulos [Sat, 7 Nov 2009 18:44:09 +0000 (18:44 +0000)]
Import OpenSSL 0.9.8l

Disables renegotiation to workaround CVE-2009-3555.

5 years agoUpgrade to OpenSSL-0.9.8k.
Peter Avalos [Sat, 11 Apr 2009 03:00:56 +0000 (03:00 +0000)]
Upgrade to OpenSSL-0.9.8k.

This fixes security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789)
and other minor bugs.  See CHANGES for more details.

5 years agoAdd README.DELETED to the vendor branch for OpenSSL.
Peter Avalos [Sat, 11 Apr 2009 02:44:26 +0000 (02:44 +0000)]
Add README.DELETED to the vendor branch for OpenSSL.

This is probably a good idea for other directories as well.  It's too
cumbersome not having this file available on the vendor branch, since
that's really where the work is done to remove unwanted files from the
vendor's distribution.

5 years agoImport OpenSSL 0.9.8j.
Peter Avalos [Sun, 11 Jan 2009 19:56:29 +0000 (14:56 -0500)]
Import OpenSSL 0.9.8j.

Note that we're adding a stripped-down doc/ and utils/ since we need
these to build our manual pages.

5 years agoMove openssl-0.9/ to openssl/.
Peter Avalos [Sun, 11 Jan 2009 17:35:26 +0000 (12:35 -0500)]
Move openssl-0.9/ to openssl/.

Versioning the directories just really doesn't make sense, especially
now with git.

5 years agoRemove old versions of OpenSSL.
Peter Avalos [Sun, 11 Jan 2009 17:13:24 +0000 (12:13 -0500)]
Remove old versions of OpenSSL.

5 years agoImport OpenSSL-0.9.8i.
Peter Avalos [Sat, 27 Sep 2008 20:51:29 +0000 (20:51 +0000)]
Import OpenSSL-0.9.8i.

5 years agoImport OpenSSL 0.9.8h.
Peter Avalos [Sat, 6 Sep 2008 20:36:16 +0000 (20:36 +0000)]
Import OpenSSL 0.9.8h.

6 years agoImport OpenSSL-0.9.8g.
Peter Avalos [Thu, 25 Oct 2007 04:11:26 +0000 (04:11 +0000)]
Import OpenSSL-0.9.8g.

6 years agoImport OpenSSL-0.9.8f.
Peter Avalos [Fri, 12 Oct 2007 19:40:12 +0000 (19:40 +0000)]
Import OpenSSL-0.9.8f.

7 years agoImport OpenSSL 0.9.8e.
Peter Avalos [Wed, 28 Mar 2007 19:01:30 +0000 (19:01 +0000)]
Import OpenSSL 0.9.8e.

7 years agoImport OpenSSL 0.9.8d.
Peter Avalos [Mon, 20 Nov 2006 05:16:00 +0000 (05:16 +0000)]
Import OpenSSL 0.9.8d.

7 years agoImport OpenSSL 0.9.8c
Simon Schubert [Wed, 6 Sep 2006 12:35:33 +0000 (12:35 +0000)]
Import OpenSSL 0.9.8c

8 years agoImport OpenSSL 0.9.8a
Simon Schubert [Sat, 3 Dec 2005 13:48:16 +0000 (13:48 +0000)]
Import OpenSSL 0.9.8a

9 years agoImport of openssl-0.9.8, a feature release.
Simon Schubert [Thu, 7 Jul 2005 12:04:51 +0000 (12:04 +0000)]
Import of openssl-0.9.8, a feature release.

9 years agoAdd OpenSSL 0.9.7e.
Jeroen Ruigrok/asmodai [Sat, 18 Dec 2004 15:29:53 +0000 (15:29 +0000)]
Add OpenSSL 0.9.7e.

Notable changes:

- Fix race condition in CRL checking code.
- Fixes to PKCS#7 (S/MIME) code.

9 years agoAdd OpenSSL 0.9.7d.
Jeroen Ruigrok/asmodai [Tue, 31 Aug 2004 20:02:04 +0000 (20:02 +0000)]
Add OpenSSL 0.9.7d.

9 years agoAdd OpenSSL 0.9.7d.
Jeroen Ruigrok/asmodai [Sun, 29 Aug 2004 12:45:27 +0000 (12:45 +0000)]
Add OpenSSL 0.9.7d.