Date: Wed, 7 Jan 2009 20:17:55 +0000 (UTC) From: "Simon L. Nielsen" <simon@FreeBSD.org> To: cvs-src-old@freebsd.org Subject: cvs commit: src/contrib/lukemftpd/src extern.h ftpcmd.y ftpd.c src/crypto/openssl/apps speed.c spkac.c verify.c x509.c src/crypto/openssl/ssl s2_clnt.c s2_srvr.c s3_clnt.c s3_srvr.c ssltest.c Message-ID: <200901072024.n07KO9rJ064860@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
simon 2009-01-07 20:17:55 UTC
FreeBSD src repository
Modified files:
contrib/lukemftpd/src extern.h ftpcmd.y ftpd.c
crypto/openssl/apps speed.c spkac.c verify.c x509.c
crypto/openssl/ssl s2_clnt.c s2_srvr.c s3_clnt.c s3_srvr.c
ssltest.c
Log:
SVN rev 186872 on 2009-01-07 20:17:55Z by simon
Prevent cross-site forgery attacks on lukemftpd(8) due to splitting
long commands into multiple requests. [09:01]
Fix incorrect OpenSSL checks for malformed signatures due to invalid
check of return value from EVP_VerifyFinal(), DSA_verify, and
DSA_do_verify. [09:02]
Security: FreeBSD-SA-09:01.lukemftpd
Security: FreeBSD-SA-09:02.openssl
Obtained from: NetBSD [SA-09:01]
Obtained from: OpenSSL Project [SA-09:02]
Approved by: so (simon)
Revision Changes Path
1.2 +56 -41 src/contrib/lukemftpd/src/extern.h
1.2 +205 -138 src/contrib/lukemftpd/src/ftpcmd.y
1.6 +8 -2 src/contrib/lukemftpd/src/ftpd.c
1.16 +1 -1 src/crypto/openssl/apps/speed.c
1.2 +58 -26 src/crypto/openssl/apps/spkac.c
1.2 +193 -53 src/crypto/openssl/apps/verify.c
1.2 +523 -331 src/crypto/openssl/apps/x509.c
1.16 +1 -1 src/crypto/openssl/ssl/s2_clnt.c
1.14 +2 -2 src/crypto/openssl/ssl/s2_srvr.c
1.2 +908 -179 src/crypto/openssl/ssl/s3_clnt.c
1.2 +1128 -193 src/crypto/openssl/ssl/s3_srvr.c
1.2 +1292 -161 src/crypto/openssl/ssl/ssltest.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200901072024.n07KO9rJ064860>