Nagy Karoly Gabriel
879991d3c5
openssl: Updated (1.0.1j -> 1.0.1k) SECURITY! See note.
...
This update solves eight security issues, namely:
1. DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
2. DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
3. no-ssl3 configuration sets method to NULL (CVE-2014-3569)
4. ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
5. RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
6. DH client certificates accepted without verification [Server] (CVE-2015-0205)
7. Certificate fingerprints can be modified (CVE-2014-8275)
8. Bignum squaring may produce incorrect results (CVE-2014-3570)
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20150108.txt
10 years ago
Nagy Karoly Gabriel
a4c83c11e6
openssl: Updated (1.0.1i -> 1.0.1j) SECURITY! (CVE-2014-3513)
...
also (CVE-2014-3567) and (CVE-2014-3568) and other
non-security bugfixes.
10 years ago
Alejandro Mery
e005071123
openssl: Updated (1.0.1h -> 1.0.1i) [SECURITY]
...
https://www.openssl.org/news/secadv_20140806.txt
* CVE-2014-3505
* CVE-2014-3506
* CVE-2014-3507
* CVE-2014-3508
* CVE-2014-3509
* CVE-2014-3510
* CVE-2014-3511
* CVE-2014-3512
* CVE-2014-5139
Signed-off-by: Alejandro Mery <amery@geeks.cl>
11 years ago
Nagy Karoly Gabriel
b890d78497
openssl: Updated (1.0.1g -> 1.0.1h) multiple security issues.
...
http://www.openssl.org/news/secadv_20140605.txt
11 years ago
Christian Wiese
2e20b57df3
openssl: Updated (1.0.1f -> 1.0.1g) SECURITY! CVE-2014-0160
...
This fixes the TLS heartbeat read overrun (CVE-2014-0160) vulnerability
References:
[1] https://www.openssl.org/news/secadv_20140407.txt
[2] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0160
11 years ago
Christian Wiese
0c3986585b
openssl: Updated (1.0.1e -> 1.0.1f) (SECURITY UPDATE)
...
Changes between 1.0.1e and 1.0.1f [6 Jan 2014]
*) Fix for TLS record tampering bug. A carefully crafted invalid
handshake could crash OpenSSL with a NULL pointer exception.
Thanks to Anton Johansson for reporting this issue.
(CVE-2013-4353)
*) Keep original DTLS digest and encryption contexts in retransmission
structures so we can use the previous session parameters if they need
to be resent. (CVE-2013-6450)
[Steve Henson]
*) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
avoids preferring ECDHE-ECDSA ciphers when the client appears to be
Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for
several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug
is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
[Rob Stradling, Adam Langley]
11 years ago
Christian Wiese
11b73f6a31
openssl: add upstream fix for SSL_get_certificate
...
Reference:
- http://git.openssl.org/gitweb/?p=openssl.git;a=patch;h=147dbb2fe3bead7a10e2f280261b661ce7af7adc
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703031
12 years ago
Christian Wiese
5915b141e3
openssl: Updated (1.0.1d -> 1.0.1e) (CVE-2013-0169)
...
This bugfix release corrects the fix for CVE-2013-0169 done in openssl 1.0.1d.
12 years ago
Christian Wiese
14ec2ff0f5
openssl: Updated (1.0.1c -> 1.0.1d) (SECURITY UPDATE!)
...
Fixing the following CVEs
- SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169)
- TLS 1.1 and 1.2 AES-NI crash (CVE-2012-2686)
- OCSP invalid key DoS issue (CVE-2013-0166)
Reference: http://www.openssl.org/news/secadv_20130205.txt
12 years ago
Christian Wiese
0baabe115b
openssl: improved to enable kerberos support if available
...
Note:
Despite the fact that openssl's "Configure" script seems to offer support
for MIT Kerberos and Heimdal, only the MIT flavour is officially supported!
13 years ago
Christian Wiese
63a44388cd
openssl: changed to also build at stage 3
...
Note:
This is needed to solve the possible circular dependency with kerberos
implementations like MIT kerberos (krb5 package) or Heimdal (heimdal
package).
13 years ago
Christian Wiese
7ab268aca9
openssl: Updated (1.0.1b -> 1.0.1c) (CVE-2012-2333)
...
http://openssl.org/news/secadv_20120510.txt
13 years ago
Alejandro Mery
db7f67b9e0
openssl: Updated (1.0.1a -> 1.0.1b)
13 years ago
Alejandro Mery
8a6246f41b
openssl: Updated (1.0.1 -> 1.0.1a) [CVE-2012-2110]
13 years ago
Alejandro Mery
fbe76e3aff
openssl: Updated (1.0.0i -> 1.0.1)
13 years ago
Alejandro Mery
c3048c6931
openssl: Updated (1.0.0h -> 1.0.0i) [CVE-2012-2110]
13 years ago
Alejandro Mery
02dd623d9c
openssl: Updated (1.0.0g -> 1.0.0h)
13 years ago
Alejandro Mery
e60f2ab28e
openssl: Updated (1.0.0f -> 1.0.0g)
13 years ago
Christian Wiese
576141c53f
openssl: Updated (1.0.0e -> 1.0.0f)
13 years ago
Christian Wiese
86f545b40a
openssl: Updated (1.0.0d -> 1.0.0e) (SECURITY: CVE-2011-3207 CVE-2011-3210)
...
Note:
More information about the security fixes can be found here:
http://openssl.org/news/secadv_20110906.txt
13 years ago
Christian Wiese
48ec1ec931
openssl: removed obsolete patches {ripemd,sha}_size_t.patch
14 years ago
Aldas Nabazas
8c3a128d52
massive cache files update from compiling packages <400.000, ref build 2011-02-07
14 years ago
Aldas Nabazas
1c15f21e13
openssl: Updated (1.0.0c -> 1.0.0d)
14 years ago
Aldas Nabazas
c37736347c
openssl: Updated (1.0.0b -> 1.0.0c)
14 years ago
Aldas Nabazas
dba8a6451a
openssl: enabled md2 for nmap
14 years ago
Aldas Nabazas
19e59878d8
openssl: Updated (1.0.0a -> 1.0.0b)
14 years ago
Aldas Nabazas
0f65e1bd44
openssl: Updated (0.9.8o -> 1.0.0a)
14 years ago
Christian Wiese
cabb33de42
openssl: Removed binutils related patch because the issue was fixed in openssl release 0.9.8m
15 years ago
Christian Wiese
400de09d53
openssl: fixed x86_64 build while using newer binutils/gas which requires sign extension
...
New gas requires sign extension in lea instruction. This resolves md5-x86_64.pl
and sha1-x86_64.pl bugs, but without modifying the code. PR: 2094,2095
http://cvs.openssl.org/chngview?cn=18869
Fix for out of range of signed 32bit displacement error on newer binutils in file
sha1-x86_64.pl.
http://cvs.openssl.org/chngview?cn=18864
15 years ago
Christian Wiese
b347aefe83
openssl: Updated (0.9.8n -> 0.9.8o) SECURITY! CVE-2010-1633
...
[IMPORTANT]
An invalid Return value check in pkey_rsa_verifyrecover was discovered. When
verification recovery fails for RSA keys an uninitialised buffer with an
undefined length is returned instead of an error code. This could lead to an
information leak.
original advisory: http://www.openssl.org/news/secadv_20100601.txt
CVE-2010-1633: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1633
15 years ago
Christian Wiese
fd30227eb9
openssl: Updated (0.9.8m -> 0.9.8n) SECURITY! CVE-2010-0740
...
References
----------
This vulnerability is tracked as CVE-2010-0740.
URL for this Security Advisory:
http://www.openssl.org/news/secadv_20100324.txt
15 years ago
Alejandro Mery
6f3bb12a2c
openssl: Updated (0.9.8l -> 0.9.8m) - SECURITY
15 years ago
Alejandro Mery
b4091f3692
openssl: Updated (0.9.8k -> 0.9.8l)
15 years ago
Alejandro Mery
3058b42617
openssl: updated download location
16 years ago
Alejandro Mery
fd5385da83
openssl: Updated (0.9.8j -> 0.9.8k) - SECURITY
...
http://www.openssl.org/news/secadv_20090325.txt
16 years ago
Alejandro Mery
fbdd53ef13
openssl: Updated (0.9.8i -> 0.9.8j) - SECURITY
16 years ago
Aldas Nabazas
8c81f02dac
openssl: Updated (0.9.8h -> 0.9.8i)
16 years ago
Aldas Nabazas
77aa0935f4
openssl: Updated (0.9.8g -> 0.9.8h) : SECURITY - MEDIUM
...
CVE-2008-1678 (Medium) :
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f
through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via
multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server
mod_ssl that specify a compression algorithm.
17 years ago
Alejandro Mery
98010b4d95
[openssl] Marked to build on stage 1 when cross compiling
17 years ago
Alejandro Mery
d8cf15a66c
Regenerated copyright notes broadly, without renewing them.
17 years ago
Alejandro Mery
d15769f41d
Removed trailing spaces massively, hoping to not break anything. Copyright notes not renewed
17 years ago
Christian Wiese
9132fd91d4
Took over maintainership of openssl package
17 years ago
Christian Wiese
53d97437eb
Updated openssl (0.9.8d -> 0.9.8g)
17 years ago
Alejandro Mery
0b9e401255
Removed #! lines from .conf files
18 years ago
Alejandro Mery
12b79fecfa
* relocated current package database to the trunk of the package sub-project
...
git-svn-id: svn://svn.opensde.net/opensde/package/trunk@20072 10447126-35f2-4685-b0cf-6dd780d3921f
18 years ago