Date: Mon, 13 Apr 2015 22:50:45 +0000 (UTC)
From: Xin LI <delphij@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-user@freebsd.org
Subject: svn commit: r281508 - in user/cperciva/freebsd-update-build/patches: 10.0-RELEASE 10.1-RELEASE 8.4-RELEASE 9.3-RELEASE
Message-ID: <201504132250.t3DMojSq065983@svn.freebsd.org>
Author: delphij Date: Mon Apr 13 22:50:44 2015 New Revision: 281508 URL: https://svnweb.freebsd.org/changeset/base/281508 Log: Add recent patches. Added: user/cperciva/freebsd-update-build/patches/10.0-RELEASE/18-EN-15:02.openssl user/cperciva/freebsd-update-build/patches/10.0-RELEASE/18-EN-15:03.freebsd-update user/cperciva/freebsd-update-build/patches/10.0-RELEASE/18-SA-15:04.igmp user/cperciva/freebsd-update-build/patches/10.1-RELEASE/6-EN-15:01.vt user/cperciva/freebsd-update-build/patches/10.1-RELEASE/6-EN-15:02.openssl user/cperciva/freebsd-update-build/patches/10.1-RELEASE/6-EN-15:03.freebsd-update user/cperciva/freebsd-update-build/patches/10.1-RELEASE/6-SA-15:04.igmp user/cperciva/freebsd-update-build/patches/10.1-RELEASE/7-SA-15:06.openssl user/cperciva/freebsd-update-build/patches/10.1-RELEASE/8-SA-15:06.openssl user/cperciva/freebsd-update-build/patches/10.1-RELEASE/9-SA-15:04.igmp user/cperciva/freebsd-update-build/patches/10.1-RELEASE/9-SA-15:07.ntp user/cperciva/freebsd-update-build/patches/10.1-RELEASE/9-SA-15:08.bsdinstall user/cperciva/freebsd-update-build/patches/10.1-RELEASE/9-SA-15:09.ipv6 user/cperciva/freebsd-update-build/patches/8.4-RELEASE/24-EN-15:02.openssl user/cperciva/freebsd-update-build/patches/8.4-RELEASE/24-EN-15:03.freebsd-update user/cperciva/freebsd-update-build/patches/8.4-RELEASE/24-SA-15:04.igmp user/cperciva/freebsd-update-build/patches/8.4-RELEASE/24-SA-15:05.bind user/cperciva/freebsd-update-build/patches/8.4-RELEASE/25-SA-15:06.openssl user/cperciva/freebsd-update-build/patches/8.4-RELEASE/26-SA-15:06.openssl user/cperciva/freebsd-update-build/patches/8.4-RELEASE/27-SA-15:04.igmp user/cperciva/freebsd-update-build/patches/8.4-RELEASE/27-SA-15:07.ntp user/cperciva/freebsd-update-build/patches/8.4-RELEASE/27-SA-15:09.ipv6 user/cperciva/freebsd-update-build/patches/9.3-RELEASE/10-EN-15:01.vt user/cperciva/freebsd-update-build/patches/9.3-RELEASE/10-EN-15:02.openssl 
user/cperciva/freebsd-update-build/patches/9.3-RELEASE/10-EN-15:03.freebsd-update user/cperciva/freebsd-update-build/patches/9.3-RELEASE/10-SA-15:04.igmp user/cperciva/freebsd-update-build/patches/9.3-RELEASE/10-SA-15:05.bind user/cperciva/freebsd-update-build/patches/9.3-RELEASE/11-SA-15:06.openssl user/cperciva/freebsd-update-build/patches/9.3-RELEASE/12-SA-15:06.openssl user/cperciva/freebsd-update-build/patches/9.3-RELEASE/13-SA-15:04.igmp user/cperciva/freebsd-update-build/patches/9.3-RELEASE/13-SA-15:07.ntp user/cperciva/freebsd-update-build/patches/9.3-RELEASE/13-SA-15:09.ipv6 Added: user/cperciva/freebsd-update-build/patches/10.0-RELEASE/18-EN-15:02.openssl ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ user/cperciva/freebsd-update-build/patches/10.0-RELEASE/18-EN-15:02.openssl Mon Apr 13 22:50:44 2015 (r281508) 
@@ -0,0 +1,58313 @@ +Index: crypto/openssl/ACKNOWLEDGMENTS +=================================================================== +--- crypto/openssl/ACKNOWLEDGMENTS (revision 279126) ++++ crypto/openssl/ACKNOWLEDGMENTS (working copy) +@@ -10,13 +10,18 @@ OpenSSL project. + We would like to identify and thank the following such sponsors for their past + or current significant support of the OpenSSL project: + ++Major support: ++ ++ Qualys http://www.qualys.com/ ++ + Very significant support: + +- OpenGear: www.opengear.com ++ OpenGear: http://www.opengear.com/ + + Significant support: + +- PSW Group: www.psw.net ++ PSW Group: http://www.psw.net/ ++ Acano Ltd. http://acano.com/ + + Please note that we ask permission to identify sponsors and that some sponsors + we consider eligible for inclusion here have requested to remain anonymous. +Index: crypto/openssl/CHANGES +=================================================================== +--- crypto/openssl/CHANGES (revision 279126) ++++ crypto/openssl/CHANGES (working copy) +@@ -2,9 +2,376 @@ + OpenSSL CHANGES + _______________ + ++ Changes between 1.0.1k and 1.0.1l [15 Jan 2015] ++ ++ *) Build fixes for the Windows and OpenVMS platforms ++ [Matt Caswell and Richard Levitte] ++ ++ Changes between 1.0.1j and 1.0.1k [8 Jan 2015] ++ ++ *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS ++ message can cause a segmentation fault in OpenSSL due to a NULL pointer ++ dereference. This could lead to a Denial Of Service attack. Thanks to ++ Markus Stenberg of Cisco Systems, Inc. for reporting this issue. ++ (CVE-2014-3571) ++ [Steve Henson] ++ ++ *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the ++ dtls1_buffer_record function under certain conditions. In particular this ++ could occur if an attacker sent repeated DTLS records with the same ++ sequence number but for the next epoch. 
The memory leak could be exploited ++ by an attacker in a Denial of Service attack through memory exhaustion. ++ Thanks to Chris Mueller for reporting this issue. ++ (CVE-2015-0206) ++ [Matt Caswell] ++ ++ *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is ++ built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl ++ method would be set to NULL which could later result in a NULL pointer ++ dereference. Thanks to Frank Schmirler for reporting this issue. ++ (CVE-2014-3569) ++ [Kurt Roeckx] ++ ++ *) Abort handshake if server key exchange message is omitted for ephemeral ++ ECDH ciphersuites. ++ ++ Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for ++ reporting this issue. ++ (CVE-2014-3572) ++ [Steve Henson] ++ ++ *) Remove non-export ephemeral RSA code on client and server. This code ++ violated the TLS standard by allowing the use of temporary RSA keys in ++ non-export ciphersuites and could be used by a server to effectively ++ downgrade the RSA key length used to a value smaller than the server ++ certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at ++ INRIA or reporting this issue. ++ (CVE-2015-0204) ++ [Steve Henson] ++ ++ *) Fixed issue where DH client certificates are accepted without verification. ++ An OpenSSL server will accept a DH certificate for client authentication ++ without the certificate verify message. This effectively allows a client to ++ authenticate without the use of a private key. This only affects servers ++ which trust a client certificate authority which issues certificates ++ containing DH keys: these are extremely rare and hardly ever encountered. ++ Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting ++ this issue. ++ (CVE-2015-0205) ++ [Steve Henson] ++ ++ *) Ensure that the session ID context of an SSL is updated when its ++ SSL_CTX is updated via SSL_set_SSL_CTX. 
++ ++ The session ID context is typically set from the parent SSL_CTX, ++ and can vary with the CTX. ++ [Adam Langley] ++ ++ *) Fix various certificate fingerprint issues. ++ ++ By using non-DER or invalid encodings outside the signed portion of a ++ certificate the fingerprint can be changed without breaking the signature. ++ Although no details of the signed portion of the certificate can be changed ++ this can cause problems with some applications: e.g. those using the ++ certificate fingerprint for blacklists. ++ ++ 1. Reject signatures with non zero unused bits. ++ ++ If the BIT STRING containing the signature has non zero unused bits reject ++ the signature. All current signature algorithms require zero unused bits. ++ ++ 2. Check certificate algorithm consistency. ++ ++ Check the AlgorithmIdentifier inside TBS matches the one in the ++ certificate signature. NB: this will result in signature failure ++ errors for some broken certificates. ++ ++ Thanks to Konrad Kraszewski from Google for reporting this issue. ++ ++ 3. Check DSA/ECDSA signatures use DER. ++ ++ Reencode DSA/ECDSA signatures and compare with the original received ++ signature. Return an error if there is a mismatch. ++ ++ This will reject various cases including garbage after signature ++ (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS ++ program for discovering this case) and use of BER or invalid ASN.1 INTEGERs ++ (negative or with leading zeroes). ++ ++ Further analysis was conducted and fixes were developed by Stephen Henson ++ of the OpenSSL core team. ++ ++ (CVE-2014-8275) ++ [Steve Henson] ++ ++ *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect ++ results on some platforms, including x86_64. This bug occurs at random ++ with a very low probability, and is not known to be exploitable in any ++ way, though its exact impact is difficult to determine. 
Thanks to Pieter ++ Wuille (Blockstream) who reported this issue and also suggested an initial ++ fix. Further analysis was conducted by the OpenSSL development team and ++ Adam Langley of Google. The final fix was developed by Andy Polyakov of ++ the OpenSSL core team. ++ (CVE-2014-3570) ++ [Andy Polyakov] ++ ++ *) Do not resume sessions on the server if the negotiated protocol ++ version does not match the session's version. Resuming with a different ++ version, while not strictly forbidden by the RFC, is of questionable ++ sanity and breaks all known clients. ++ [David Benjamin, Emilia Käsper] ++ ++ *) Tighten handling of the ChangeCipherSpec (CCS) message: reject ++ early CCS messages during renegotiation. (Note that because ++ renegotiation is encrypted, this early CCS was not exploitable.) ++ [Emilia Käsper] ++ ++ *) Tighten client-side session ticket handling during renegotiation: ++ ensure that the client only accepts a session ticket if the server sends ++ the extension anew in the ServerHello. Previously, a TLS client would ++ reuse the old extension state and thus accept a session ticket if one was ++ announced in the initial ServerHello. ++ ++ Similarly, ensure that the client requires a session ticket if one ++ was advertised in the ServerHello. Previously, a TLS client would ++ ignore a missing NewSessionTicket message. ++ [Emilia Käsper] ++ ++ Changes between 1.0.1i and 1.0.1j [15 Oct 2014] ++ ++ *) SRTP Memory Leak. ++ ++ A flaw in the DTLS SRTP extension parsing code allows an attacker, who ++ sends a carefully crafted handshake message, to cause OpenSSL to fail ++ to free up to 64k of memory causing a memory leak. This could be ++ exploited in a Denial Of Service attack. This issue affects OpenSSL ++ 1.0.1 server implementations for both SSL/TLS and DTLS regardless of ++ whether SRTP is used or configured. Implementations of OpenSSL that ++ have been compiled with OPENSSL_NO_SRTP defined are not affected. 
++ ++ The fix was developed by the OpenSSL team. ++ (CVE-2014-3513) ++ [OpenSSL team] ++ ++ *) Session Ticket Memory Leak. ++ ++ When an OpenSSL SSL/TLS/DTLS server receives a session ticket the ++ integrity of that ticket is first verified. In the event of a session ++ ticket integrity check failing, OpenSSL will fail to free memory ++ causing a memory leak. By sending a large number of invalid session ++ tickets an attacker could exploit this issue in a Denial Of Service ++ attack. ++ (CVE-2014-3567) ++ [Steve Henson] ++ ++ *) Build option no-ssl3 is incomplete. ++ ++ When OpenSSL is configured with "no-ssl3" as a build option, servers ++ could accept and complete a SSL 3.0 handshake, and clients could be ++ configured to send them. ++ (CVE-2014-3568) ++ [Akamai and the OpenSSL team] ++ ++ *) Add support for TLS_FALLBACK_SCSV. ++ Client applications doing fallback retries should call ++ SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV). ++ (CVE-2014-3566) ++ [Adam Langley, Bodo Moeller] ++ ++ *) Add additional DigestInfo checks. ++ ++ Reencode DigestInto in DER and check against the original when ++ verifying RSA signature: this will reject any improperly encoded ++ DigestInfo structures. ++ ++ Note: this is a precautionary measure and no attacks are currently known. ++ ++ [Steve Henson] ++ ++ Changes between 1.0.1h and 1.0.1i [6 Aug 2014] ++ ++ *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the ++ SRP code can be overrun an internal buffer. Add sanity check that ++ g, A, B < N to SRP code. ++ ++ Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC ++ Group for discovering this issue. ++ (CVE-2014-3512) ++ [Steve Henson] ++ ++ *) A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate ++ TLS 1.0 instead of higher protocol versions when the ClientHello message ++ is badly fragmented. 
This allows a man-in-the-middle attacker to force a ++ downgrade to TLS 1.0 even if both the server and the client support a ++ higher protocol version, by modifying the client's TLS records. ++ ++ Thanks to David Benjamin and Adam Langley (Google) for discovering and ++ researching this issue. ++ (CVE-2014-3511) ++ [David Benjamin] ++ ++ *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject ++ to a denial of service attack. A malicious server can crash the client ++ with a null pointer dereference (read) by specifying an anonymous (EC)DH ++ ciphersuite and sending carefully crafted handshake messages. ++ ++ Thanks to Felix Gröbert (Google) for discovering and researching this ++ issue. ++ (CVE-2014-3510) ++ [Emilia Käsper] ++ ++ *) By sending carefully crafted DTLS packets an attacker could cause openssl ++ to leak memory. This can be exploited through a Denial of Service attack. ++ Thanks to Adam Langley for discovering and researching this issue. ++ (CVE-2014-3507) ++ [Adam Langley] ++ ++ *) An attacker can force openssl to consume large amounts of memory whilst ++ processing DTLS handshake messages. This can be exploited through a ++ Denial of Service attack. ++ Thanks to Adam Langley for discovering and researching this issue. ++ (CVE-2014-3506) ++ [Adam Langley] ++ ++ *) An attacker can force an error condition which causes openssl to crash ++ whilst processing DTLS packets due to memory being freed twice. This ++ can be exploited through a Denial of Service attack. ++ Thanks to Adam Langley and Wan-Teh Chang for discovering and researching ++ this issue. ++ (CVE-2014-3505) ++ [Adam Langley] ++ ++ *) If a multithreaded client connects to a malicious server using a resumed ++ session and the server sends an ec point format extension it could write ++ up to 255 bytes to freed memory. ++ ++ Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this ++ issue. 
++ (CVE-2014-3509) ++ [Gabor Tyukasz] ++ ++ *) A malicious server can crash an OpenSSL client with a null pointer ++ dereference (read) by specifying an SRP ciphersuite even though it was not ++ properly negotiated with the client. This can be exploited through a ++ Denial of Service attack. ++ ++ Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for ++ discovering and researching this issue. ++ (CVE-2014-5139) ++ [Steve Henson] ++ ++ *) A flaw in OBJ_obj2txt may cause pretty printing functions such as ++ X509_name_oneline, X509_name_print_ex et al. to leak some information ++ from the stack. Applications may be affected if they echo pretty printing ++ output to the attacker. ++ ++ Thanks to Ivan Fratric (Google) for discovering this issue. ++ (CVE-2014-3508) ++ [Emilia Käsper, and Steve Henson] ++ ++ *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.) ++ for corner cases. (Certain input points at infinity could lead to ++ bogus results, with non-infinity inputs mapped to infinity too.) ++ [Bodo Moeller] ++ ++ Changes between 1.0.1g and 1.0.1h [5 Jun 2014] ++ ++ *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted ++ handshake can force the use of weak keying material in OpenSSL ++ SSL/TLS clients and servers. ++ ++ Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and ++ researching this issue. (CVE-2014-0224) ++ [KIKUCHI Masashi, Steve Henson] ++ ++ *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an ++ OpenSSL DTLS client the code can be made to recurse eventually crashing ++ in a DoS attack. ++ ++ Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. ++ (CVE-2014-0221) ++ [Imre Rad, Steve Henson] ++ ++ *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can ++ be triggered by sending invalid DTLS fragments to an OpenSSL DTLS ++ client or server. This is potentially exploitable to run arbitrary ++ code on a vulnerable client or server. 
++ ++ Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195) ++ [Jüri Aedla, Steve Henson] ++ ++ *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites ++ are subject to a denial of service attack. ++ ++ Thanks to Felix Gröbert and Ivan Fratric at Google for discovering ++ this issue. (CVE-2014-3470) ++ [Felix Gröbert, Ivan Fratric, Steve Henson] ++ ++ *) Harmonize version and its documentation. -f flag is used to display ++ compilation flags. ++ [mancha <mancha1@zoho.com>] ++ ++ *) Fix eckey_priv_encode so it immediately returns an error upon a failure ++ in i2d_ECPrivateKey. ++ [mancha <mancha1@zoho.com>] ++ ++ *) Fix some double frees. These are not thought to be exploitable. ++ [mancha <mancha1@zoho.com>] ++ ++ Changes between 1.0.1f and 1.0.1g [7 Apr 2014] ++ ++ *) A missing bounds check in the handling of the TLS heartbeat extension ++ can be used to reveal up to 64k of memory to a connected client or ++ server. ++ ++ Thanks for Neel Mehta of Google Security for discovering this bug and to ++ Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for ++ preparing the fix (CVE-2014-0160) ++ [Adam Langley, Bodo Moeller] ++ ++ *) Fix for the attack described in the paper "Recovering OpenSSL ++ ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" ++ by Yuval Yarom and Naomi Benger. Details can be obtained from: ++ http://eprint.iacr.org/2014/140 ++ ++ Thanks to Yuval Yarom and Naomi Benger for discovering this ++ flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076) ++ [Yuval Yarom and Naomi Benger] ++ ++ *) TLS pad extension: draft-agl-tls-padding-03 ++ ++ Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the ++ TLS client Hello record length value would otherwise be > 255 and ++ less that 512 pad with a dummy extension containing zeroes so it ++ is at least 512 bytes long. 
++ ++ [Adam Langley, Steve Henson] ++ ++ Changes between 1.0.1e and 1.0.1f [6 Jan 2014] ++ ++ *) Fix for TLS record tampering bug. A carefully crafted invalid ++ handshake could crash OpenSSL with a NULL pointer exception. ++ Thanks to Anton Johansson for reporting this issues. ++ (CVE-2013-4353) ++ ++ *) Keep original DTLS digest and encryption contexts in retransmission ++ structures so we can use the previous session parameters if they need ++ to be resent. (CVE-2013-6450) ++ [Steve Henson] ++ ++ *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which ++ avoids preferring ECDHE-ECDSA ciphers when the client appears to be ++ Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for ++ several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug ++ is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing ++ 10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer. ++ [Rob Stradling, Adam Langley] ++ + Changes between 1.0.1d and 1.0.1e [11 Feb 2013] + +- *) ++ *) Correct fix for CVE-2013-0169. The original didn't work on AES-NI ++ supporting platforms or when small records were transferred. ++ [Andy Polyakov, Steve Henson] + + Changes between 1.0.1c and 1.0.1d [5 Feb 2013] + +@@ -404,6 +771,63 @@ + Add command line options to s_client/s_server. + [Steve Henson] + ++ Changes between 1.0.0j and 1.0.0k [5 Feb 2013] ++ ++ *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. ++ ++ This addresses the flaw in CBC record processing discovered by ++ Nadhem Alfardan and Kenny Paterson. Details of this attack can be found ++ at: http://www.isg.rhul.ac.uk/tls/ ++ ++ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information ++ Security Group at Royal Holloway, University of London ++ (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and ++ Emilia Käsper for the initial patch. 
++ (CVE-2013-0169) ++ [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] ++ ++ *) Return an error when checking OCSP signatures when key is NULL. ++ This fixes a DoS attack. (CVE-2013-0166) ++ [Steve Henson] ++ ++ *) Call OCSP Stapling callback after ciphersuite has been chosen, so ++ the right response is stapled. Also change SSL_get_certificate() ++ so it returns the certificate actually sent. ++ See http://rt.openssl.org/Ticket/Display.html?id=2836. ++ (This is a backport) ++ [Rob Stradling <rob.stradling@comodo.com>] ++ ++ *) Fix possible deadlock when decoding public keys. ++ [Steve Henson] ++ ++ Changes between 1.0.0i and 1.0.0j [10 May 2012] ++ ++ [NB: OpenSSL 1.0.0i and later 1.0.0 patch levels were released after ++ OpenSSL 1.0.1.] ++ ++ *) Sanity check record length before skipping explicit IV in DTLS ++ to fix DoS attack. ++ ++ Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic ++ fuzzing as a service testing platform. ++ (CVE-2012-2333) ++ [Steve Henson] ++ ++ *) Initialise tkeylen properly when encrypting CMS messages. ++ Thanks to Solar Designer of Openwall for reporting this issue. ++ [Steve Henson] ++ ++ Changes between 1.0.0h and 1.0.0i [19 Apr 2012] ++ ++ *) Check for potentially exploitable overflows in asn1_d2i_read_bio ++ BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer ++ in CRYPTO_realloc_clean. ++ ++ Thanks to Tavis Ormandy, Google Security Team, for discovering this ++ issue and to Adam Langley <agl@chromium.org> for fixing it. ++ (CVE-2012-2110) ++ [Adam Langley (Google), Tavis Ormandy, Google Security Team] ++ + Changes between 1.0.0g and 1.0.0h [12 Mar 2012] + + *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness +@@ -1394,6 +1818,86 @@ + *) Change 'Configure' script to enable Camellia by default. + [NTT] + ++ Changes between 0.9.8x and 0.9.8y [5 Feb 2013] ++ ++ *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time. 
++ ++ This addresses the flaw in CBC record processing discovered by ++ Nadhem Alfardan and Kenny Paterson. Details of this attack can be found ++ at: http://www.isg.rhul.ac.uk/tls/ ++ ++ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information ++ Security Group at Royal Holloway, University of London ++ (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and ++ Emilia Käsper for the initial patch. ++ (CVE-2013-0169) ++ [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson] ++ ++ *) Return an error when checking OCSP signatures when key is NULL. ++ This fixes a DoS attack. (CVE-2013-0166) ++ [Steve Henson] ++ ++ *) Call OCSP Stapling callback after ciphersuite has been chosen, so ++ the right response is stapled. Also change SSL_get_certificate() ++ so it returns the certificate actually sent. ++ See http://rt.openssl.org/Ticket/Display.html?id=2836. ++ (This is a backport) ++ [Rob Stradling <rob.stradling@comodo.com>] ++ ++ *) Fix possible deadlock when decoding public keys. ++ [Steve Henson] ++ ++ Changes between 0.9.8w and 0.9.8x [10 May 2012] ++ ++ *) Sanity check record length before skipping explicit IV in DTLS ++ to fix DoS attack. ++ ++ Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic ++ fuzzing as a service testing platform. ++ (CVE-2012-2333) ++ [Steve Henson] ++ ++ *) Initialise tkeylen properly when encrypting CMS messages. ++ Thanks to Solar Designer of Openwall for reporting this issue. ++ [Steve Henson] ++ ++ Changes between 0.9.8v and 0.9.8w [23 Apr 2012] ++ ++ *) The fix for CVE-2012-2110 did not take into account that the ++ 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an ++ int in OpenSSL 0.9.8, making it still vulnerable. Fix by ++ rejecting negative len parameter. 
(CVE-2012-2131) ++ [Tomas Hoger <thoger@redhat.com>] ++ ++ Changes between 0.9.8u and 0.9.8v [19 Apr 2012] ++ ++ *) Check for potentially exploitable overflows in asn1_d2i_read_bio ++ BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer ++ in CRYPTO_realloc_clean. ++ ++ Thanks to Tavis Ormandy, Google Security Team, for discovering this ++ issue and to Adam Langley <agl@chromium.org> for fixing it. ++ (CVE-2012-2110) ++ [Adam Langley (Google), Tavis Ormandy, Google Security Team] ++ ++ Changes between 0.9.8t and 0.9.8u [12 Mar 2012] ++ ++ *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness ++ in CMS and PKCS7 code. When RSA decryption fails use a random key for ++ content decryption and always return the same error. Note: this attack ++ needs on average 2^20 messages so it only affects automated senders. The ++ old behaviour can be reenabled in the CMS code by setting the ++ CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where ++ an MMA defence is not necessary. ++ Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering ++ this issue. (CVE-2012-0884) ++ [Steve Henson] ++ ++ *) Fix CVE-2011-4619: make sure we really are receiving a ++ client hello before rejecting multiple SGC restarts. Thanks to ++ Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug. ++ [Steve Henson] ++ + Changes between 0.9.8s and 0.9.8t [18 Jan 2012] + + *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109. +@@ -1401,7 +1905,7 @@ + Development, Cisco Systems, Inc. for discovering this bug and + preparing a fix. 
(CVE-2012-0050) + [Antonio Martin] +- ++ + Changes between 0.9.8r and 0.9.8s [4 Jan 2012] + + *) Nadhem Alfardan and Kenny Paterson have discovered an extension +Index: crypto/openssl/Configure +=================================================================== +--- crypto/openssl/Configure (revision 279126) ++++ crypto/openssl/Configure (working copy) +@@ -178,7 +178,7 @@ my %table=( + "debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::", + "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", + "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +-"debug-bodo", "gcc:$gcc_devteam_warn -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", ++"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64", + "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", + "debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG 
RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +@@ -526,7 +526,7 @@ my %table=( + # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE' + "VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", + # Unified CE target +-"debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", ++"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32", + "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32", + + # Borland C++ 4.5 +@@ -720,6 +720,7 @@ my %disabled = ( # "what" => "comment" [or + "sctp" => "default", + "shared" => "default", + "store" => "experimental", ++ "unit-test" => "default", + "zlib" => "default", + "zlib-dynamic" => "default" + ); +@@ -727,7 +728,7 @@ my @experimental = (); + + # This is what $depflags will look like with the above defaults + # (we need this to see if we should advise the user to run "make depend"): +-my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE"; ++my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 
-DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST"; + + # Explicit "no-..." options will be collected in %disabled along with the defaults. + # To remove something from %disabled, use "enable-foo" (unless it's experimental). +@@ -803,6 +804,11 @@ PROCESS_ARGS: + { + $disabled{"tls1"} = "option(tls)" + } ++ elsif ($1 eq "ssl3-method") ++ { ++ $disabled{"ssl3-method"} = "option(ssl)"; ++ $disabled{"ssl3"} = "option(ssl)"; ++ } + else + { + $disabled{$1} = "option"; +@@ -1766,6 +1772,9 @@ open(OUT,'>crypto/opensslconf.h.new') || die "unab + print OUT "/* opensslconf.h */\n"; + print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n"; + ++print OUT "#ifdef __cplusplus\n"; ++print OUT "extern \"C\" {\n"; ++print OUT "#endif\n"; + print OUT "/* OpenSSL was configured with the following options: */\n"; + my $openssl_algorithm_defines_trans = $openssl_algorithm_defines; + $openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg; +@@ -1870,6 +1879,9 @@ while (<IN>) + { print OUT $_; } + } + close(IN); ++print OUT "#ifdef __cplusplus\n"; ++print OUT "}\n"; ++print OUT "#endif\n"; + close(OUT); + rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h"; + rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n"; +Index: crypto/openssl/FAQ +=================================================================== +--- crypto/openssl/FAQ (revision 279126) ++++ crypto/openssl/FAQ (working copy) +@@ -113,11 +113,6 @@ that came with the version of OpenSSL you are usin + documentation is included in each OpenSSL distribution under the docs + directory. 
+ +-For information on parts of libcrypto that are not yet documented, you +-might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's +-predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>. Much +-of this still applies to OpenSSL. +- + There is some documentation about certificate extensions and PKCS#12 + in doc/openssl.txt + +@@ -768,6 +763,9 @@ openssl-security@openssl.org if you don't get a pr + acknowledging receipt then resend or mail it directly to one of the + more active team members (e.g. Steve). + ++Note that bugs only present in the openssl utility are not in general ++considered to be security issues. ++ + [PROG] ======================================================================== + + * Is OpenSSL thread-safe? +Index: crypto/openssl/Makefile +=================================================================== +--- crypto/openssl/Makefile (revision 279126) ++++ crypto/openssl/Makefile (working copy) +@@ -4,7 +4,7 @@ + ## Makefile for OpenSSL + ## + +-VERSION=1.0.1e ++VERSION=1.0.1l + MAJOR=1 + MINOR=0.1 + SHLIB_VERSION_NUMBER=1.0.0 +@@ -13,7 +13,7 @@ SHLIB_MAJOR=1 + SHLIB_MINOR=0.0 + SHLIB_EXT= + PLATFORM=dist +-OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-zlib no-zlib-dynamic static-engine ++OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-unit-test no-zlib no-zlib-dynamic static-engine + CONFIGURE_ARGS=dist + SHLIB_TARGET= + +@@ -61,7 +61,7 @@ OPENSSLDIR=/usr/local/ssl + + CC= cc + CFLAG= -O +-DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE ++DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST + PEX_LIBS= + EX_LIBS= + EXE_EXT= +@@ -304,7 
+304,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_ds + FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \ + export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \ + fi; \ +- $(MAKE) -e SHLIBDIRS=crypto build-shared; \ ++ $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \ ++ (touch -c fips_premain_dso$(EXE_EXT) || :); \ + else \ + echo "There's no support for shared libraries on this platform" >&2; \ + exit 1; \ +Index: crypto/openssl/Makefile.org +=================================================================== +--- crypto/openssl/Makefile.org (revision 279126) ++++ crypto/openssl/Makefile.org (working copy) +@@ -302,7 +302,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_ds + FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \ + export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \ + fi; \ +- $(MAKE) -e SHLIBDIRS=crypto build-shared; \ ++ $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \ ++ (touch -c fips_premain_dso$(EXE_EXT) || :); \ + else \ + echo "There's no support for shared libraries on this platform" >&2; \ + exit 1; \ +Index: crypto/openssl/NEWS +=================================================================== +--- crypto/openssl/NEWS (revision 279126) ++++ crypto/openssl/NEWS (working copy) +@@ -5,11 +5,67 @@ + This file gives a brief overview of the major changes between each OpenSSL + release. For more details please read the CHANGES file. 
+ +- Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e: ++ Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015] + ++ o Build fixes for the Windows and OpenVMS platforms ++ ++ Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015] ++ ++ o Fix for CVE-2014-3571 ++ o Fix for CVE-2015-0206 ++ o Fix for CVE-2014-3569 ++ o Fix for CVE-2014-3572 ++ o Fix for CVE-2015-0204 ++ o Fix for CVE-2015-0205 ++ o Fix for CVE-2014-8275 ++ o Fix for CVE-2014-3570 ++ ++ Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014] ++ ++ o Fix for CVE-2014-3513 ++ o Fix for CVE-2014-3567 ++ o Mitigation for CVE-2014-3566 (SSL protocol vulnerability) ++ o Fix for CVE-2014-3568 ++ ++ Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014] ++ ++ o Fix for CVE-2014-3512 ++ o Fix for CVE-2014-3511 ++ o Fix for CVE-2014-3510 ++ o Fix for CVE-2014-3507 ++ o Fix for CVE-2014-3506 ++ o Fix for CVE-2014-3505 ++ o Fix for CVE-2014-3509 ++ o Fix for CVE-2014-5139 ++ o Fix for CVE-2014-3508 ++ ++ Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014] ++ ++ o Fix for CVE-2014-0224 ++ o Fix for CVE-2014-0221 ++ o Fix for CVE-2014-0198 ++ o Fix for CVE-2014-0195 ++ o Fix for CVE-2014-3470 ++ o Fix for CVE-2010-5298 ++ ++ Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014] ++ ++ o Fix for CVE-2014-0160 ++ o Add TLS padding extension workaround for broken servers. 
++ o Fix for CVE-2014-0076 ++ ++ Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014] ++ ++ o Don't include gmt_unix_time in TLS server and client random values ++ o Fix for TLS record tampering bug CVE-2013-4353 ++ o Fix for TLS version checking bug CVE-2013-6449 ++ o Fix for DTLS retransmission bug CVE-2013-6450 ++ ++ Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]: ++ + o Corrected fix for CVE-2013-0169 + +- Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d: ++ Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]: + + o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version. + o Include the fips configuration module. +@@ -17,24 +73,24 @@ + o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 + o Fix for TLS AESNI record handling flaw CVE-2012-2686 + +- Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c: ++ Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]: + + o Fix TLS/DTLS record length checking bug CVE-2012-2333 + o Don't attempt to use non-FIPS composite ciphers in FIPS mode. + +- Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b: ++ Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]: + + o Fix compilation error on non-x86 platforms. + o Make FIPS capable OpenSSL ciphers work in non-FIPS mode. + o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0 + +- Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a: ++ Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]: + + o Fix for ASN1 overflow bug CVE-2012-2110 + o Workarounds for some servers that hang on long client hellos. + o Fix SEGV in AES code. + +- Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1: ++ Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]: + + o TLS/DTLS heartbeat support. + o SCTP support. +@@ -47,17 +103,30 @@ + o Preliminary FIPS capability for unvalidated 2.0 FIPS module. + o SRP support. 
+ +- Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h: ++ Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]: + ++ o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 ++ o Fix OCSP bad key DoS attack CVE-2013-0166 ++ ++ Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]: ++ ++ o Fix DTLS record length checking bug CVE-2012-2333 ++ ++ Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]: ++ ++ o Fix for ASN1 overflow bug CVE-2012-2110 ++ ++ Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]: ++ + o Fix for CMS/PKCS#7 MMA CVE-2012-0884 + o Corrected fix for CVE-2011-4619 + o Various DTLS fixes. + +- Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g: ++ Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]: + + o Fix for DTLS DoS issue CVE-2012-0050 + +- Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f: ++ Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]: + + o Fix for DTLS plaintext recovery attack CVE-2011-4108 + o Clear block padding bytes of SSL 3.0 records CVE-2011-4576 +@@ -65,7 +134,7 @@ + o Check parameters are not NULL in GOST ENGINE CVE-2012-0027 + o Check for malformed RFC3779 data CVE-2011-4577 + +- Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e: ++ Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]: + + o Fix for CRL vulnerability issue CVE-2011-3207 + o Fix for ECDH crashes CVE-2011-3210 +@@ -73,11 +142,11 @@ + o Support ECDH ciphersuites for certificates using SHA2 algorithms. + o Various DTLS fixes. 
+ +- Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d: ++ Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]: + + o Fix for security issue CVE-2011-0014 + +- Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c: ++ Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010]: + + o Fix for security issue CVE-2010-4180 + o Fix for CVE-2010-4252 +@@ -85,18 +154,18 @@ + o Fix various platform compilation issues. + o Corrected fix for security issue CVE-2010-3864. + +- Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b: ++ Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010]: + + o Fix for security issue CVE-2010-3864. + o Fix for CVE-2010-2939 + o Fix WIN32 build system for GOST ENGINE. + +- Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a: ++ Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010]: + + o Fix for security issue CVE-2010-1633. + o GOST MAC and CFB fixes. + +- Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0: ++ Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010]: + + o RFC3280 path validation: sufficient to process PKITS tests. + o Integrated support for PVK files and keyblobs. +@@ -119,20 +188,55 @@ + o Opaque PRF Input TLS extension support. + o Updated time routines to avoid OS limitations. 
+ +- Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r: ++ Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]: + ++ o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169 ++ o Fix OCSP bad key DoS attack CVE-2013-0166 ++ ++ Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]: ++ ++ o Fix DTLS record length checking bug CVE-2012-2333 ++ ++ Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]: ++ ++ o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110) ++ ++ Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]: ++ ++ o Fix for ASN1 overflow bug CVE-2012-2110 ++ ++ Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]: ++ ++ o Fix for CMS/PKCS#7 MMA CVE-2012-0884 ++ o Corrected fix for CVE-2011-4619 ++ o Various DTLS fixes. ++ ++ Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]: ++ ++ o Fix for DTLS DoS issue CVE-2012-0050 ++ ++ Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]: ++ ++ o Fix for DTLS plaintext recovery attack CVE-2011-4108 ++ o Fix policy check double free error CVE-2011-4109 ++ o Clear block padding bytes of SSL 3.0 records CVE-2011-4576 ++ o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619 ++ o Check for malformed RFC3779 data CVE-2011-4577 ++ ++ Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]: ++ + o Fix for security issue CVE-2011-0014 + +- Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q: ++ Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]: + + o Fix for security issue CVE-2010-4180 + o Fix for CVE-2010-4252 + +- Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p: ++ Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]: + + o Fix for security issue CVE-2010-3864. 
+ +- Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o: ++ Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]: + + o Fix for security issue CVE-2010-0742. + o Various DTLS fixes. +@@ -140,12 +244,12 @@ + o Fix for no-rc4 compilation. + o Chil ENGINE unload workaround. + +- Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n: ++ Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]: + + o CFB cipher definition fixes. + o Fix security issues CVE-2010-0740 and CVE-2010-0433. + +- Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m: ++ Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]: + + o Cipher definition fixes. + o Workaround for slow RAND_poll() on some WIN32 versions. +@@ -157,21 +261,21 @@ + o Ticket and SNI coexistence fixes. + o Many fixes to DTLS handling. + +- Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l: ++ Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]: + + o Temporary work around for CVE-2009-3555: disable renegotiation. + +- Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k: ++ Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]: + + o Fix various build issues. + o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789) + +- Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j: ++ Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009]: + + o Fix security issue (CVE-2008-5077) + o Merge FIPS 140-2 branch code. + *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
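Review bot: in the Configure PROCESS_ARGS hunk, the new `ssl3-method` branch disables both `ssl3-method` and `ssl3`, which is the right direction (without the SSLv3 method functions the protocol cannot be negotiated at all), but the reverse is not implied: as far as this hunk shows, a bare `no-ssl3` falls through to the generic `$disabled{$1} = "option"` branch and leaves the `SSLv3_*_method()` entry points in the library. A short comment on the new branch saying that `no-ssl3-method` is the option to use when the SSLv3 API is to be removed entirely would save builders from picking the weaker `no-ssl3` by accident.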
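Review bot: the `extern "C"` guards for the generated crypto/opensslconf.h are emitted from two separate hunks (the opening `#ifdef __cplusplus` block right after the "Generated automatically" comment, the closing one after `close(IN)`), so they balance only on paths that reach the end of the `while (<IN>)` copy loop; since every failure in between `die`s before the `.new` file is renamed over `crypto/opensslconf.h`, a half-written header cannot be installed, which is acceptable. Note that everything these hunks print is comments and `#ifndef`/`#define` lines, so the guard adds no linkage but also does no harm; a one-line comment saying why the wrapper exists (C++ consumers including the header directly) would make the pairing easier to maintain.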
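Review bot: the FAQ hunk narrows what counts as a security issue to the libraries and excludes bugs present only in the `openssl` command-line utility, but it does not say where such utility bugs should go; since operators routinely script that utility for key and certificate handling, the added paragraph would be more useful with a pointer to the ordinary bug-report channel, so that these reports are redirected rather than dropped. The removal of the dead SSLeay 0.9 documentation link in the same hunk is fine.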
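Review bot: the crypto/openssl/Makefile VERSION bump jumps from 1.0.1e straight to 1.0.1l, so this import carries the seven intermediate releases (1.0.1f through 1.0.1l) and every CVE listed for them in the NEWS hunk; that is worth calling out in the commit message so downstream readers see the scope. The `no-unit-test` added to OPTIONS and `-DOPENSSL_NO_UNIT_TEST` added to DEPFLAG agree with each other and with the `-DOPENSSL_NO_UNIT_TEST` already visible in the Configure defaults on the first line of this diff; since this Makefile is the Configure-generated copy of Makefile.org, both files need the same hand edits, and they do get them here.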
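Review bot: in the identical `libcrypto$(SHLIB_EXT)` hunks of Makefile and Makefile.org, replacing `;` with `&&` makes the `touch -c fips_premain_dso$(EXE_EXT)` run only after a successful `build-shared`, and `|| :` with `-c` keeps a missing fips_premain_dso (the non-FIPS case) from either being created or failing the recipe; because the `then` branch's status is that of `build-shared` when it fails, make still stops on a broken shared build, so the change does not mask errors. The `CC="$${CC:-$(CC)}"` argument forwards the `fipsld` wrapper exported a few lines above into the sub-make, and the `$$` escaping is correct for a recipe line; a brief comment explaining that the touch exists to keep the FIPS premain timestamp newer than the rebuilt library would help the next reader.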
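Review bot: in the NEWS hunk the rewritten `1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]:` and `1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]:` headers keep a trailing colon while the newly added headers above them (1.0.1e through 1.0.1l) and the rewritten 1.0.0 and 0.9.8 headers below drop it; pick one form so the file stays greppable. Separately, CVE-2014-3566 is correctly recorded as a mitigation rather than a fix, which is consistent with the new `ssl3-method` disable option in the Configure hunk: the protocol weakness is addressed by not offering SSLv3, not by a code change in the library.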