1. 22 Sep, 2016 1 commit
  2. 19 Sep, 2016 2 commits
  3. 05 Sep, 2016 1 commit
  4. 08 Jul, 2016 1 commit
  5. 06 Jul, 2016 1 commit
  6. 22 Jun, 2016 1 commit
  7. 03 May, 2016 1 commit
    • main/openssl: security upgrade to 1.0.2h · cbb0770d
      Timo Teräs authored
      CVE-2016-2107 Prevent padding oracle in AES-NI CBC MAC check
      CVE-2016-2105 Fix EVP_EncodeUpdate overflow
      CVE-2016-2106 Fix EVP_EncryptUpdate overflow
      CVE-2016-2109 Prevent ASN.1 BIO excessive memory allocation
      CVE-2016-2176 EBCDIC overread
  8. 11 Mar, 2016 1 commit
  9. 03 Mar, 2016 1 commit
  10. 01 Mar, 2016 2 commits
  11. 04 Feb, 2016 2 commits
  12. 28 Jan, 2016 1 commit
  13. 07 Jan, 2016 1 commit
  14. 04 Dec, 2015 1 commit
  15. 09 Jul, 2015 1 commit
  16. 15 Jun, 2015 1 commit
  17. 12 Jun, 2015 1 commit
    • main/openssl: security upgrade to 1.0.2b · 85a7f61d
      Timo Teräs authored
      CVE-2015-1788 Malformed ECParameters causes infinite loop
      CVE-2015-1789 Exploitable out-of-bounds read in X509_cmp_time
      CVE-2015-1790 PKCS7 crash with missing EnvelopedContent
      CVE-2015-1792 CMS verify infinite loop with unknown hash function
      CVE-2015-1791 Race condition handling NewSessionTicket
  18. 27 Mar, 2015 1 commit
  19. 19 Mar, 2015 1 commit
    • main/openssl: security upgrade to 1.0.2a · c6126a69
      Timo Teräs authored
      CVE-2015-0291, CVE-2015-0290, CVE-2015-0207, CVE-2015-0286,
      CVE-2015-0208, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293,
      CVE-2015-1787, CVE-2015-0285, CVE-2015-0209, CVE-2015-0288
  20. 23 Feb, 2015 1 commit
  21. 19 Jan, 2015 1 commit
  22. 09 Jan, 2015 1 commit
    • main/openssl: security upgrade to 1.0.1k · 26dd3845
      Timo Teräs authored
      CVE-2014-3571 DTLS segmentation fault in dtls1_get_record
      CVE-2015-0206 DTLS memory leak in dtls1_buffer_record
      CVE-2014-3569 no-ssl3 configuration sets method to NULL
      CVE-2014-3572 ECDHE silently downgrades to ECDH [Client]
      CVE-2015-0204 RSA silently downgrades to EXPORT_RSA [Client]
      CVE-2015-0205 DH client certificates accepted without verification [Server]
      CVE-2014-8275 Certificate fingerprints can be modified
      CVE-2014-3570 Bignum squaring may produce incorrect results
  23. 08 Jan, 2015 2 commits
  24. 15 Oct, 2014 1 commit
  25. 12 Oct, 2014 1 commit
  26. 07 Aug, 2014 3 commits
    • main/openssl: fix man-pages properly · 7c34cd9c
      Timo Teräs authored
      Failed to rebase the manpages patch properly. This removes the hunks
      that delete pages. Instead have the package script rename the affected
      man pages, and update the patch only to change the cross references
      of the conflicting man pages.
    • main/openssl: remove conflicting man pages · d4f5d980
      Timo Teräs authored
    • main/openssl: security upgrade to 1.0.1i (multiple CVE) · 9b2d3aa0
      Timo Teräs authored
      CVE-2014-3508 Information leak in pretty printing functions
      CVE-2014-5139 Crash with SRP ciphersuite in Server Hello message
      CVE-2014-3509 Race condition in ssl_parse_serverhello_tlsext
      CVE-2014-3505 Double Free when processing DTLS packets
      CVE-2014-3506 DTLS memory exhaustion
      CVE-2014-3507 DTLS memory leak from zero-length fragments
      CVE-2014-3510 OpenSSL DTLS anonymous EC(DH) denial of service
      CVE-2014-3511 OpenSSL TLS protocol downgrade attack
      CVE-2014-3512 SRP buffer overrun
  27. 05 Jun, 2014 1 commit
    • main/openssl: security upgrade to 1.0.1h (multiple CVE) · c7c8818b
      Timo Teräs authored
      Newly fixed CVEs:
      CVE-2014-0224 SSL/TLS MITM vulnerability
      CVE-2014-0221 DTLS recursion flaw
      CVE-2014-0195 DTLS invalid fragment vulnerability
      
      Previously fixed in Alpine by cherry picks:
      CVE-2014-0198 SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
  28. 29 May, 2014 1 commit
  29. 11 Apr, 2014 1 commit
  30. 09 Apr, 2014 1 commit
    • main/openssl: disable free(2) caching in ssl code · ffb07fe0
      Ariadne Conill authored
      This code is dubious at best and also responsible for the heartbleed vulnerability
      being exposed in the first place.  With the heartbleed test on a broken version, this
      results in a daemon crash instead of private key exposure.  We add dummy padding to
      preserve ABI compatibility with older packages.
  31. 07 Apr, 2014 1 commit
  32. 10 Jan, 2014 1 commit
  33. 07 Jan, 2014 1 commit
    • main/openssl: security upgrade to 1.0.1f · be0d0a44
      Timo Teräs authored
       * Don't include gmt_unix_time in TLS server and client random values
       * Fix for TLS record tampering bug CVE-2013-4353
       * Fix for TLS version checking bug CVE-2013-6449
       * Fix for DTLS retransmission bug CVE-2013-6450
  34. 03 Jan, 2014 1 commit