Changes between 1.0.1e and 1.0.1f [6 Jan 2014]
*) Fix for TLS record tampering bug. A carefully crafted invalid
handshake could crash OpenSSL with a NULL pointer exception.
Thanks to Anton Johansson for reporting this issues.
(CVE-2013-4353)
*) Keep original DTLS digest and encryption contexts in retransmission
structures so we can use the previous session parameters if they need
to be resent. (CVE-2013-6450)
[Steve Henson]
*) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
avoids preferring ECDHE-ECDSA ciphers when the client appears to be
Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for
several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug
is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
[Rob Stradling, Adam Langley]
This update was particularly done to fix the armhf support!
Now it is possible to generate working targets that have been optimised for
armhf.
Note
The original patch was made by Gregor Richards
ea98c70edb/patches/gcc-4.7.3-musl.diff
The patch was slightly modified to fit into OpenSDE's current gcc patchset!
Please look at the patch itself if you want to know more about the tiny
adjustment.
Note:
This option was introduced in 3.10 and is quite important for initramfs init
scripts to work, thus enabling it by default is a good thing to do!
http://cateee.net/lkddb/web-lkddb/BINFMT_SCRIPT.html
Thanks Turl for pointing testing and pointing me to that option!
Christian Wiese
Nagy Karoly Gabriel