summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Peter Avalos [Fri, 27 Apr 2012 19:35:59 +0000 (12:35 -0700)]
Import OpenSSL-1.0.1b.
o Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0
Peter Avalos [Sat, 21 Apr 2012 03:33:46 +0000 (20:33 -0700)]
Import OpenSSL-1.0.1a.
o Fix for ASN1 overflow bug CVE-2012-2110.
o Workarounds for some servers that hang on long client hellos.
o Fix SEGV in AES code.
Peter Avalos [Tue, 10 Apr 2012 16:57:21 +0000 (09:57 -0700)]
Bring in the krb5 module in OpenSSL.
Even though we don't have Kerberos5 in base, we should still be
installing the krb5_asn.h header.
Peter Avalos [Sun, 25 Mar 2012 17:44:51 +0000 (10:44 -0700)]
Import OpenSSL-1.0.1.
Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1:
o TLS/DTLS heartbeat support.
o SCTP support.
o RFC 5705 TLS key material exporter.
o RFC 5764 DTLS-SRTP negotiation.
o Next Protocol Negotiation.
o PSS signatures in certificates, requests and CRLs.
o Support for password based recipient info for CMS.
o Support TLS v1.2 and TLS v1.1.
o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
o SRP support.
Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h:
o Fix for CMS/PKCS#7 MMA CVE-2012-0884
o Corrected fix for CVE-2011-4619
o Various DTLS fixes.
Peter Avalos [Fri, 20 Jan 2012 00:11:16 +0000 (16:11 -0800)]
Import OpenSSL-1.0.0g.
o Fix for DTLS DoS issue CVE-2012-0050
Peter Avalos [Thu, 5 Jan 2012 00:06:12 +0000 (16:06 -0800)]
Import OpenSSL-1.0.0f.
o Fix for DTLS plaintext recovery attack CVE-2011-4108
o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
o Check parameters are not NULL in GOST ENGINE CVE-2012-0027
o Check for malformed RFC3779 data CVE-2011-4577
Peter Avalos [Wed, 21 Sep 2011 00:22:53 +0000 (17:22 -0700)]
Import OpenSSL-1.0.0e.
o Fix for CRL vulnerability issue CVE-2011-3207
o Fix for ECDH crashes CVE-2011-3210
o Protection against EC timing attacks.
o Support ECDH ciphersuites for certificates using SHA2 algorithms.
o Various DTLS fixes.
Peter Avalos [Wed, 9 Feb 2011 04:59:57 +0000 (18:59 -1000)]
Import OpenSSL-1.0.0d.
Peter Avalos [Sun, 12 Dec 2010 00:08:43 +0000 (14:08 -1000)]
Import OpenSSL-1.0.0c.
Peter Avalos [Sun, 21 Nov 2010 05:49:12 +0000 (19:49 -1000)]
Add files to OpenSSL that will generate optimized asm code.
Peter Avalos [Thu, 18 Nov 2010 05:41:45 +0000 (19:41 -1000)]
Import OpenSSL-1.0.0b.
This primarily fixes CVE-2010-3864 and CVE-2010-2939.
Peter Avalos [Wed, 22 Sep 2010 11:21:58 +0000 (01:21 -1000)]
Import OpenSSL-1.0.0a.
Peter Avalos [Sun, 28 Feb 2010 00:07:00 +0000 (00:07 +0000)]
Import OpenSSL-0.9.8m.
This new OpenSSL version is a security and bugfix release which
implements RFC5746 to address renegotiation vulnerabilities mentioned in
CVE-2009-3555. For a complete list of changes, please see the CHANGES
file.
Aggelos Economopoulos [Wed, 11 Nov 2009 10:47:52 +0000 (10:47 +0000)]
Remove README.DRAGONFLY from vendor branch
Aggelos Economopoulos [Sat, 7 Nov 2009 18:44:09 +0000 (18:44 +0000)]
Import OpenSSL 0.9.8l
Disables renegotiation to workaround CVE-2009-3555.
Peter Avalos [Sat, 11 Apr 2009 03:00:56 +0000 (03:00 +0000)]
Upgrade to OpenSSL-0.9.8k.
This fixes security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789)
and other minor bugs. See CHANGES for more details.
Peter Avalos [Sat, 11 Apr 2009 02:44:26 +0000 (02:44 +0000)]
Add README.DELETED to the vendor branch for OpenSSL.
This is probably a good idea for other directories as well. It's too
cumbersome not having this file available on the vendor branch, since
that's really where the work is done to remove unwanted files from the
vendor's distribution.
Peter Avalos [Sun, 11 Jan 2009 19:56:29 +0000 (14:56 -0500)]
Import OpenSSL 0.9.8j.
Note that we're adding a stripped-down doc/ and utils/ since we need
these to build our manual pages.
Peter Avalos [Sun, 11 Jan 2009 17:35:26 +0000 (12:35 -0500)]
Move openssl-0.9/ to openssl/.
Versioning the directories just really doesn't make sense, especially
now with git.
Peter Avalos [Sun, 11 Jan 2009 17:13:24 +0000 (12:13 -0500)]
Remove old versions of OpenSSL.
Peter Avalos [Sat, 27 Sep 2008 20:51:29 +0000 (20:51 +0000)]
Import OpenSSL-0.9.8i.
Peter Avalos [Sat, 6 Sep 2008 20:36:16 +0000 (20:36 +0000)]
Import OpenSSL 0.9.8h.
Peter Avalos [Thu, 25 Oct 2007 04:11:26 +0000 (04:11 +0000)]
Import OpenSSL-0.9.8g.
Peter Avalos [Fri, 12 Oct 2007 19:40:12 +0000 (19:40 +0000)]
Import OpenSSL-0.9.8f.
Peter Avalos [Wed, 28 Mar 2007 19:01:30 +0000 (19:01 +0000)]
Import OpenSSL 0.9.8e.
Peter Avalos [Mon, 20 Nov 2006 05:16:00 +0000 (05:16 +0000)]
Import OpenSSL 0.9.8d.
Simon Schubert [Wed, 6 Sep 2006 12:35:33 +0000 (12:35 +0000)]
Import OpenSSL 0.9.8c
Simon Schubert [Sat, 3 Dec 2005 13:48:16 +0000 (13:48 +0000)]
Import OpenSSL 0.9.8a
Simon Schubert [Thu, 7 Jul 2005 12:04:51 +0000 (12:04 +0000)]
Import of openssl-0.9.8, a feature release.
Jeroen Ruigrok/asmodai [Sat, 18 Dec 2004 15:29:53 +0000 (15:29 +0000)]
Add OpenSSL 0.9.7e.
Notable changes:
- Fix race condition in CRL checking code.
- Fixes to PKCS#7 (S/MIME) code.
Jeroen Ruigrok/asmodai [Tue, 31 Aug 2004 20:02:04 +0000 (20:02 +0000)]
Add OpenSSL 0.9.7d.
Jeroen Ruigrok/asmodai [Sun, 29 Aug 2004 12:45:27 +0000 (12:45 +0000)]
Add OpenSSL 0.9.7d.