svn commit: r281508 - in user/cperciva/freebsd-update-build/patches: 10.0-RELEASE 10.1-RELEASE 8.4-RELEASE 9.3-RELEASE
Xin LI
delphij at FreeBSD.org
Mon Apr 13 22:50:46 UTC 2015
Author: delphij
Date: Mon Apr 13 22:50:44 2015
New Revision: 281508
URL: https://svnweb.freebsd.org/changeset/base/281508
Log:
Add recent patches.
Added:
user/cperciva/freebsd-update-build/patches/10.0-RELEASE/18-EN-15:02.openssl
user/cperciva/freebsd-update-build/patches/10.0-RELEASE/18-EN-15:03.freebsd-update
user/cperciva/freebsd-update-build/patches/10.0-RELEASE/18-SA-15:04.igmp
user/cperciva/freebsd-update-build/patches/10.1-RELEASE/6-EN-15:01.vt
user/cperciva/freebsd-update-build/patches/10.1-RELEASE/6-EN-15:02.openssl
user/cperciva/freebsd-update-build/patches/10.1-RELEASE/6-EN-15:03.freebsd-update
user/cperciva/freebsd-update-build/patches/10.1-RELEASE/6-SA-15:04.igmp
user/cperciva/freebsd-update-build/patches/10.1-RELEASE/7-SA-15:06.openssl
user/cperciva/freebsd-update-build/patches/10.1-RELEASE/8-SA-15:06.openssl
user/cperciva/freebsd-update-build/patches/10.1-RELEASE/9-SA-15:04.igmp
user/cperciva/freebsd-update-build/patches/10.1-RELEASE/9-SA-15:07.ntp
user/cperciva/freebsd-update-build/patches/10.1-RELEASE/9-SA-15:08.bsdinstall
user/cperciva/freebsd-update-build/patches/10.1-RELEASE/9-SA-15:09.ipv6
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/24-EN-15:02.openssl
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/24-EN-15:03.freebsd-update
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/24-SA-15:04.igmp
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/24-SA-15:05.bind
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/25-SA-15:06.openssl
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/26-SA-15:06.openssl
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/27-SA-15:04.igmp
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/27-SA-15:07.ntp
user/cperciva/freebsd-update-build/patches/8.4-RELEASE/27-SA-15:09.ipv6
user/cperciva/freebsd-update-build/patches/9.3-RELEASE/10-EN-15:01.vt
user/cperciva/freebsd-update-build/patches/9.3-RELEASE/10-EN-15:02.openssl
user/cperciva/freebsd-update-build/patches/9.3-RELEASE/10-EN-15:03.freebsd-update
user/cperciva/freebsd-update-build/patches/9.3-RELEASE/10-SA-15:04.igmp
user/cperciva/freebsd-update-build/patches/9.3-RELEASE/10-SA-15:05.bind
user/cperciva/freebsd-update-build/patches/9.3-RELEASE/11-SA-15:06.openssl
user/cperciva/freebsd-update-build/patches/9.3-RELEASE/12-SA-15:06.openssl
user/cperciva/freebsd-update-build/patches/9.3-RELEASE/13-SA-15:04.igmp
user/cperciva/freebsd-update-build/patches/9.3-RELEASE/13-SA-15:07.ntp
user/cperciva/freebsd-update-build/patches/9.3-RELEASE/13-SA-15:09.ipv6
Added: user/cperciva/freebsd-update-build/patches/10.0-RELEASE/18-EN-15:02.openssl
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.0-RELEASE/18-EN-15:02.openssl Mon Apr 13 22:50:44 2015 (r281508)
@@ -0,0 +1,58313 @@
+Index: crypto/openssl/ACKNOWLEDGMENTS
+===================================================================
+--- crypto/openssl/ACKNOWLEDGMENTS (revision 279126)
++++ crypto/openssl/ACKNOWLEDGMENTS (working copy)
+@@ -10,13 +10,18 @@ OpenSSL project.
+ We would like to identify and thank the following such sponsors for their past
+ or current significant support of the OpenSSL project:
+
++Major support:
++
++ Qualys http://www.qualys.com/
++
+ Very significant support:
+
+- OpenGear: www.opengear.com
++ OpenGear: http://www.opengear.com/
+
+ Significant support:
+
+- PSW Group: www.psw.net
++ PSW Group: http://www.psw.net/
++ Acano Ltd. http://acano.com/
+
+ Please note that we ask permission to identify sponsors and that some sponsors
+ we consider eligible for inclusion here have requested to remain anonymous.
+Index: crypto/openssl/CHANGES
+===================================================================
+--- crypto/openssl/CHANGES (revision 279126)
++++ crypto/openssl/CHANGES (working copy)
+@@ -2,9 +2,376 @@
+ OpenSSL CHANGES
+ _______________
+
++ Changes between 1.0.1k and 1.0.1l [15 Jan 2015]
++
++ *) Build fixes for the Windows and OpenVMS platforms
++ [Matt Caswell and Richard Levitte]
++
++ Changes between 1.0.1j and 1.0.1k [8 Jan 2015]
++
++ *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS
++ message can cause a segmentation fault in OpenSSL due to a NULL pointer
++ dereference. This could lead to a Denial Of Service attack. Thanks to
++ Markus Stenberg of Cisco Systems, Inc. for reporting this issue.
++ (CVE-2014-3571)
++ [Steve Henson]
++
++ *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the
++ dtls1_buffer_record function under certain conditions. In particular this
++ could occur if an attacker sent repeated DTLS records with the same
++ sequence number but for the next epoch. The memory leak could be exploited
++ by an attacker in a Denial of Service attack through memory exhaustion.
++ Thanks to Chris Mueller for reporting this issue.
++ (CVE-2015-0206)
++ [Matt Caswell]
++
++ *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is
++ built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl
++ method would be set to NULL which could later result in a NULL pointer
++ dereference. Thanks to Frank Schmirler for reporting this issue.
++ (CVE-2014-3569)
++ [Kurt Roeckx]
++
++ *) Abort handshake if server key exchange message is omitted for ephemeral
++ ECDH ciphersuites.
++
++ Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for
++ reporting this issue.
++ (CVE-2014-3572)
++ [Steve Henson]
++
++ *) Remove non-export ephemeral RSA code on client and server. This code
++ violated the TLS standard by allowing the use of temporary RSA keys in
++ non-export ciphersuites and could be used by a server to effectively
++ downgrade the RSA key length used to a value smaller than the server
++ certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at
++ INRIA or reporting this issue.
++ (CVE-2015-0204)
++ [Steve Henson]
++
++ *) Fixed issue where DH client certificates are accepted without verification.
++ An OpenSSL server will accept a DH certificate for client authentication
++ without the certificate verify message. This effectively allows a client to
++ authenticate without the use of a private key. This only affects servers
++ which trust a client certificate authority which issues certificates
++ containing DH keys: these are extremely rare and hardly ever encountered.
++ Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting
++ this issue.
++ (CVE-2015-0205)
++ [Steve Henson]
++
++ *) Ensure that the session ID context of an SSL is updated when its
++ SSL_CTX is updated via SSL_set_SSL_CTX.
++
++ The session ID context is typically set from the parent SSL_CTX,
++ and can vary with the CTX.
++ [Adam Langley]
++
++ *) Fix various certificate fingerprint issues.
++
++ By using non-DER or invalid encodings outside the signed portion of a
++ certificate the fingerprint can be changed without breaking the signature.
++ Although no details of the signed portion of the certificate can be changed
++ this can cause problems with some applications: e.g. those using the
++ certificate fingerprint for blacklists.
++
++ 1. Reject signatures with non zero unused bits.
++
++ If the BIT STRING containing the signature has non zero unused bits reject
++ the signature. All current signature algorithms require zero unused bits.
++
++ 2. Check certificate algorithm consistency.
++
++ Check the AlgorithmIdentifier inside TBS matches the one in the
++ certificate signature. NB: this will result in signature failure
++ errors for some broken certificates.
++
++ Thanks to Konrad Kraszewski from Google for reporting this issue.
++
++ 3. Check DSA/ECDSA signatures use DER.
++
++ Reencode DSA/ECDSA signatures and compare with the original received
++ signature. Return an error if there is a mismatch.
++
++ This will reject various cases including garbage after signature
++ (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
++ program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
++ (negative or with leading zeroes).
++
++ Further analysis was conducted and fixes were developed by Stephen Henson
++ of the OpenSSL core team.
++
++ (CVE-2014-8275)
++ [Steve Henson]
++
++ *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect
++ results on some platforms, including x86_64. This bug occurs at random
++ with a very low probability, and is not known to be exploitable in any
++ way, though its exact impact is difficult to determine. Thanks to Pieter
++ Wuille (Blockstream) who reported this issue and also suggested an initial
++ fix. Further analysis was conducted by the OpenSSL development team and
++ Adam Langley of Google. The final fix was developed by Andy Polyakov of
++ the OpenSSL core team.
++ (CVE-2014-3570)
++ [Andy Polyakov]
++
++ *) Do not resume sessions on the server if the negotiated protocol
++ version does not match the session's version. Resuming with a different
++ version, while not strictly forbidden by the RFC, is of questionable
++ sanity and breaks all known clients.
++ [David Benjamin, Emilia Käsper]
++
++ *) Tighten handling of the ChangeCipherSpec (CCS) message: reject
++ early CCS messages during renegotiation. (Note that because
++ renegotiation is encrypted, this early CCS was not exploitable.)
++ [Emilia Käsper]
++
++ *) Tighten client-side session ticket handling during renegotiation:
++ ensure that the client only accepts a session ticket if the server sends
++ the extension anew in the ServerHello. Previously, a TLS client would
++ reuse the old extension state and thus accept a session ticket if one was
++ announced in the initial ServerHello.
++
++ Similarly, ensure that the client requires a session ticket if one
++ was advertised in the ServerHello. Previously, a TLS client would
++ ignore a missing NewSessionTicket message.
++ [Emilia Käsper]
++
++ Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
++
++ *) SRTP Memory Leak.
++
++ A flaw in the DTLS SRTP extension parsing code allows an attacker, who
++ sends a carefully crafted handshake message, to cause OpenSSL to fail
++ to free up to 64k of memory causing a memory leak. This could be
++ exploited in a Denial Of Service attack. This issue affects OpenSSL
++ 1.0.1 server implementations for both SSL/TLS and DTLS regardless of
++ whether SRTP is used or configured. Implementations of OpenSSL that
++ have been compiled with OPENSSL_NO_SRTP defined are not affected.
++
++ The fix was developed by the OpenSSL team.
++ (CVE-2014-3513)
++ [OpenSSL team]
++
++ *) Session Ticket Memory Leak.
++
++ When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
++ integrity of that ticket is first verified. In the event of a session
++ ticket integrity check failing, OpenSSL will fail to free memory
++ causing a memory leak. By sending a large number of invalid session
++ tickets an attacker could exploit this issue in a Denial Of Service
++ attack.
++ (CVE-2014-3567)
++ [Steve Henson]
++
++ *) Build option no-ssl3 is incomplete.
++
++ When OpenSSL is configured with "no-ssl3" as a build option, servers
++ could accept and complete a SSL 3.0 handshake, and clients could be
++ configured to send them.
++ (CVE-2014-3568)
++ [Akamai and the OpenSSL team]
++
++ *) Add support for TLS_FALLBACK_SCSV.
++ Client applications doing fallback retries should call
++ SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV).
++ (CVE-2014-3566)
++ [Adam Langley, Bodo Moeller]
++
++ *) Add additional DigestInfo checks.
++
++ Reencode DigestInto in DER and check against the original when
++ verifying RSA signature: this will reject any improperly encoded
++ DigestInfo structures.
++
++ Note: this is a precautionary measure and no attacks are currently known.
++
++ [Steve Henson]
++
++ Changes between 1.0.1h and 1.0.1i [6 Aug 2014]
++
++ *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the
++ SRP code can be overrun an internal buffer. Add sanity check that
++ g, A, B < N to SRP code.
++
++ Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
++ Group for discovering this issue.
++ (CVE-2014-3512)
++ [Steve Henson]
++
++ *) A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate
++ TLS 1.0 instead of higher protocol versions when the ClientHello message
++ is badly fragmented. This allows a man-in-the-middle attacker to force a
++ downgrade to TLS 1.0 even if both the server and the client support a
++ higher protocol version, by modifying the client's TLS records.
++
++ Thanks to David Benjamin and Adam Langley (Google) for discovering and
++ researching this issue.
++ (CVE-2014-3511)
++ [David Benjamin]
++
++ *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject
++ to a denial of service attack. A malicious server can crash the client
++ with a null pointer dereference (read) by specifying an anonymous (EC)DH
++ ciphersuite and sending carefully crafted handshake messages.
++
++ Thanks to Felix Gröbert (Google) for discovering and researching this
++ issue.
++ (CVE-2014-3510)
++ [Emilia Käsper]
++
++ *) By sending carefully crafted DTLS packets an attacker could cause openssl
++ to leak memory. This can be exploited through a Denial of Service attack.
++ Thanks to Adam Langley for discovering and researching this issue.
++ (CVE-2014-3507)
++ [Adam Langley]
++
++ *) An attacker can force openssl to consume large amounts of memory whilst
++ processing DTLS handshake messages. This can be exploited through a
++ Denial of Service attack.
++ Thanks to Adam Langley for discovering and researching this issue.
++ (CVE-2014-3506)
++ [Adam Langley]
++
++ *) An attacker can force an error condition which causes openssl to crash
++ whilst processing DTLS packets due to memory being freed twice. This
++ can be exploited through a Denial of Service attack.
++ Thanks to Adam Langley and Wan-Teh Chang for discovering and researching
++ this issue.
++ (CVE-2014-3505)
++ [Adam Langley]
++
++ *) If a multithreaded client connects to a malicious server using a resumed
++ session and the server sends an ec point format extension it could write
++ up to 255 bytes to freed memory.
++
++ Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this
++ issue.
++ (CVE-2014-3509)
++ [Gabor Tyukasz]
++
++ *) A malicious server can crash an OpenSSL client with a null pointer
++ dereference (read) by specifying an SRP ciphersuite even though it was not
++ properly negotiated with the client. This can be exploited through a
++ Denial of Service attack.
++
++ Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for
++ discovering and researching this issue.
++ (CVE-2014-5139)
++ [Steve Henson]
++
++ *) A flaw in OBJ_obj2txt may cause pretty printing functions such as
++ X509_name_oneline, X509_name_print_ex et al. to leak some information
++ from the stack. Applications may be affected if they echo pretty printing
++ output to the attacker.
++
++ Thanks to Ivan Fratric (Google) for discovering this issue.
++ (CVE-2014-3508)
++ [Emilia Käsper, and Steve Henson]
++
++ *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
++ for corner cases. (Certain input points at infinity could lead to
++ bogus results, with non-infinity inputs mapped to infinity too.)
++ [Bodo Moeller]
++
++ Changes between 1.0.1g and 1.0.1h [5 Jun 2014]
++
++ *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
++ handshake can force the use of weak keying material in OpenSSL
++ SSL/TLS clients and servers.
++
++ Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
++ researching this issue. (CVE-2014-0224)
++ [KIKUCHI Masashi, Steve Henson]
++
++ *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an
++ OpenSSL DTLS client the code can be made to recurse eventually crashing
++ in a DoS attack.
++
++ Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
++ (CVE-2014-0221)
++ [Imre Rad, Steve Henson]
++
++ *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can
++ be triggered by sending invalid DTLS fragments to an OpenSSL DTLS
++ client or server. This is potentially exploitable to run arbitrary
++ code on a vulnerable client or server.
++
++ Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195)
++ [Jüri Aedla, Steve Henson]
++
++ *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites
++ are subject to a denial of service attack.
++
++ Thanks to Felix Gröbert and Ivan Fratric at Google for discovering
++ this issue. (CVE-2014-3470)
++ [Felix Gröbert, Ivan Fratric, Steve Henson]
++
++ *) Harmonize version and its documentation. -f flag is used to display
++ compilation flags.
++ [mancha <mancha1 at zoho.com>]
++
++ *) Fix eckey_priv_encode so it immediately returns an error upon a failure
++ in i2d_ECPrivateKey.
++ [mancha <mancha1 at zoho.com>]
++
++ *) Fix some double frees. These are not thought to be exploitable.
++ [mancha <mancha1 at zoho.com>]
++
++ Changes between 1.0.1f and 1.0.1g [7 Apr 2014]
++
++ *) A missing bounds check in the handling of the TLS heartbeat extension
++ can be used to reveal up to 64k of memory to a connected client or
++ server.
++
++ Thanks for Neel Mehta of Google Security for discovering this bug and to
++ Adam Langley <agl at chromium.org> and Bodo Moeller <bmoeller at acm.org> for
++ preparing the fix (CVE-2014-0160)
++ [Adam Langley, Bodo Moeller]
++
++ *) Fix for the attack described in the paper "Recovering OpenSSL
++ ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
++ by Yuval Yarom and Naomi Benger. Details can be obtained from:
++ http://eprint.iacr.org/2014/140
++
++ Thanks to Yuval Yarom and Naomi Benger for discovering this
++ flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
++ [Yuval Yarom and Naomi Benger]
++
++ *) TLS pad extension: draft-agl-tls-padding-03
++
++ Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
++ TLS client Hello record length value would otherwise be > 255 and
++ less that 512 pad with a dummy extension containing zeroes so it
++ is at least 512 bytes long.
++
++ [Adam Langley, Steve Henson]
++
++ Changes between 1.0.1e and 1.0.1f [6 Jan 2014]
++
++ *) Fix for TLS record tampering bug. A carefully crafted invalid
++ handshake could crash OpenSSL with a NULL pointer exception.
++ Thanks to Anton Johansson for reporting this issues.
++ (CVE-2013-4353)
++
++ *) Keep original DTLS digest and encryption contexts in retransmission
++ structures so we can use the previous session parameters if they need
++ to be resent. (CVE-2013-6450)
++ [Steve Henson]
++
++ *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
++ avoids preferring ECDHE-ECDSA ciphers when the client appears to be
++ Safari on OS X. Safari on OS X 10.8..10.8.3 advertises support for
++ several ECDHE-ECDSA ciphers, but fails to negotiate them. The bug
++ is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
++ 10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
++ [Rob Stradling, Adam Langley]
++
+ Changes between 1.0.1d and 1.0.1e [11 Feb 2013]
+
+- *)
++ *) Correct fix for CVE-2013-0169. The original didn't work on AES-NI
++ supporting platforms or when small records were transferred.
++ [Andy Polyakov, Steve Henson]
+
+ Changes between 1.0.1c and 1.0.1d [5 Feb 2013]
+
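Review bot: the log message "Add recent patches." does not say which upstream range this patch carries, and the patch file name encodes only the advisory (EN-15:02); the CHANGES hunk itself shows the jump is 1.0.1e to 1.0.1l, taking in CVE-2014-0160 through CVE-2015-0206. Suggest recording that range, plus the source revision the `---` headers show (279126), in the log or in a header comment at the top of the patch file so the freebsd-update build can be audited without diffing the tree.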
+@@ -404,6 +771,63 @@
+ Add command line options to s_client/s_server.
+ [Steve Henson]
+
++ Changes between 1.0.0j and 1.0.0k [5 Feb 2013]
++
++ *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
++
++ This addresses the flaw in CBC record processing discovered by
++ Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
++ at: http://www.isg.rhul.ac.uk/tls/
++
++ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
++ Security Group at Royal Holloway, University of London
++ (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
++ Emilia Käsper for the initial patch.
++ (CVE-2013-0169)
++ [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
++
++ *) Return an error when checking OCSP signatures when key is NULL.
++ This fixes a DoS attack. (CVE-2013-0166)
++ [Steve Henson]
++
++ *) Call OCSP Stapling callback after ciphersuite has been chosen, so
++ the right response is stapled. Also change SSL_get_certificate()
++ so it returns the certificate actually sent.
++ See http://rt.openssl.org/Ticket/Display.html?id=2836.
++ (This is a backport)
++ [Rob Stradling <rob.stradling at comodo.com>]
++
++ *) Fix possible deadlock when decoding public keys.
++ [Steve Henson]
++
++ Changes between 1.0.0i and 1.0.0j [10 May 2012]
++
++ [NB: OpenSSL 1.0.0i and later 1.0.0 patch levels were released after
++ OpenSSL 1.0.1.]
++
++ *) Sanity check record length before skipping explicit IV in DTLS
++ to fix DoS attack.
++
++ Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
++ fuzzing as a service testing platform.
++ (CVE-2012-2333)
++ [Steve Henson]
++
++ *) Initialise tkeylen properly when encrypting CMS messages.
++ Thanks to Solar Designer of Openwall for reporting this issue.
++ [Steve Henson]
++
++ Changes between 1.0.0h and 1.0.0i [19 Apr 2012]
++
++ *) Check for potentially exploitable overflows in asn1_d2i_read_bio
++ BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
++ in CRYPTO_realloc_clean.
++
++ Thanks to Tavis Ormandy, Google Security Team, for discovering this
++ issue and to Adam Langley <agl at chromium.org> for fixing it.
++ (CVE-2012-2110)
++ [Adam Langley (Google), Tavis Ormandy, Google Security Team]
++
+ Changes between 1.0.0g and 1.0.0h [12 Mar 2012]
+
+ *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
+@@ -1394,6 +1818,86 @@
+ *) Change 'Configure' script to enable Camellia by default.
+ [NTT]
+
++ Changes between 0.9.8x and 0.9.8y [5 Feb 2013]
++
++ *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
++
++ This addresses the flaw in CBC record processing discovered by
++ Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
++ at: http://www.isg.rhul.ac.uk/tls/
++
++ Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
++ Security Group at Royal Holloway, University of London
++ (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
++ Emilia Käsper for the initial patch.
++ (CVE-2013-0169)
++ [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
++
++ *) Return an error when checking OCSP signatures when key is NULL.
++ This fixes a DoS attack. (CVE-2013-0166)
++ [Steve Henson]
++
++ *) Call OCSP Stapling callback after ciphersuite has been chosen, so
++ the right response is stapled. Also change SSL_get_certificate()
++ so it returns the certificate actually sent.
++ See http://rt.openssl.org/Ticket/Display.html?id=2836.
++ (This is a backport)
++ [Rob Stradling <rob.stradling at comodo.com>]
++
++ *) Fix possible deadlock when decoding public keys.
++ [Steve Henson]
++
++ Changes between 0.9.8w and 0.9.8x [10 May 2012]
++
++ *) Sanity check record length before skipping explicit IV in DTLS
++ to fix DoS attack.
++
++ Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
++ fuzzing as a service testing platform.
++ (CVE-2012-2333)
++ [Steve Henson]
++
++ *) Initialise tkeylen properly when encrypting CMS messages.
++ Thanks to Solar Designer of Openwall for reporting this issue.
++ [Steve Henson]
++
++ Changes between 0.9.8v and 0.9.8w [23 Apr 2012]
++
++ *) The fix for CVE-2012-2110 did not take into account that the
++ 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
++ int in OpenSSL 0.9.8, making it still vulnerable. Fix by
++ rejecting negative len parameter. (CVE-2012-2131)
++ [Tomas Hoger <thoger at redhat.com>]
++
++ Changes between 0.9.8u and 0.9.8v [19 Apr 2012]
++
++ *) Check for potentially exploitable overflows in asn1_d2i_read_bio
++ BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
++ in CRYPTO_realloc_clean.
++
++ Thanks to Tavis Ormandy, Google Security Team, for discovering this
++ issue and to Adam Langley <agl at chromium.org> for fixing it.
++ (CVE-2012-2110)
++ [Adam Langley (Google), Tavis Ormandy, Google Security Team]
++
++ Changes between 0.9.8t and 0.9.8u [12 Mar 2012]
++
++ *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
++ in CMS and PKCS7 code. When RSA decryption fails use a random key for
++ content decryption and always return the same error. Note: this attack
++ needs on average 2^20 messages so it only affects automated senders. The
++ old behaviour can be reenabled in the CMS code by setting the
++ CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
++ an MMA defence is not necessary.
++ Thanks to Ivan Nestlerode <inestlerode at us.ibm.com> for discovering
++ this issue. (CVE-2012-0884)
++ [Steve Henson]
++
++ *) Fix CVE-2011-4619: make sure we really are receiving a
++ client hello before rejecting multiple SGC restarts. Thanks to
++ Ivan Nestlerode <inestlerode at us.ibm.com> for discovering this bug.
++ [Steve Henson]
++
+ Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
+
+ *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
+@@ -1401,7 +1905,7 @@
+ Development, Cisco Systems, Inc. for discovering this bug and
+ preparing a fix. (CVE-2012-0050)
+ [Antonio Martin]
+-
++
+ Changes between 0.9.8r and 0.9.8s [4 Jan 2012]
+
+ *) Nadhem Alfardan and Kenny Paterson have discovered an extension
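Review bot: this hunk is whitespace-only (the blank line after "[Antonio Martin]" changes only in trailing whitespace); harmless, but it adds a hunk with no content and would disappear if the patch were regenerated with whitespace ignored. Fine to keep for a byte-exact sync with upstream, otherwise drop it.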
+Index: crypto/openssl/Configure
+===================================================================
+--- crypto/openssl/Configure (revision 279126)
++++ crypto/openssl/Configure (working copy)
+@@ -178,7 +178,7 @@ my %table=(
+ "debug-ben-no-opt", "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
+ "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
+ "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+-"debug-bodo", "gcc:$gcc_devteam_warn -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"debug-bodo", "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+ "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
+ "debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+@@ -526,7 +526,7 @@ my %table=(
+ # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
+ "VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
+ # Unified CE target
+-"debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
++"debug-VC-WIN32","cl:-W3 -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
+ "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
+
+ # Borland C++ 4.5
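Review bot: the debug-VC-WIN32 line drops -WX, so warnings no longer fail that debug build; this is probably the 1.0.1l "Build fixes for the Windows and OpenVMS platforms" entry in the CHANGES hunk, but nothing in the patch says so. The committed Makefile is configured with PLATFORM=dist, so the target is not exercised here and no action is needed, but a one-line comment in the patch header would save the next reviewer the same lookup.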
+@@ -720,6 +720,7 @@ my %disabled = ( # "what" => "comment" [or
+ "sctp" => "default",
+ "shared" => "default",
+ "store" => "experimental",
++ "unit-test" => "default",
+ "zlib" => "default",
+ "zlib-dynamic" => "default"
+ );
+@@ -727,7 +728,7 @@ my @experimental = ();
+
+ # This is what $depflags will look like with the above defaults
+ # (we need this to see if we should advise the user to run "make depend"):
+-my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE";
++my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
+
+ # Explicit "no-..." options will be collected in %disabled along with the defaults.
+ # To remove something from %disabled, use "enable-foo" (unless it's experimental).
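Review bot: the comment above `$default_depflags` says the string exists only to decide whether to advise "make depend", so it has to match the DEPFLAG line of the configured Makefile exactly; the Makefile hunk later in this patch appends -DOPENSSL_NO_UNIT_TEST in the same position and its OPTIONS line gains no-unit-test, so the two stay in step. Worth a glance whenever Configure and the committed Makefile are patched separately, since a mismatch only shows up as a spurious "make depend" nag.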
+@@ -803,6 +804,11 @@ PROCESS_ARGS:
+ {
+ $disabled{"tls1"} = "option(tls)"
+ }
++ elsif ($1 eq "ssl3-method")
++ {
++ $disabled{"ssl3-method"} = "option(ssl)";
++ $disabled{"ssl3"} = "option(ssl)";
++ }
+ else
+ {
+ $disabled{$1} = "option";
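Review bot: in the new `ssl3-method` branch both assignments record the reason as "option(ssl)", whereas the neighbouring `tls` branch records "option(tls)", i.e. the option that was actually given; as written, any later diagnostic listing why ssl3 is disabled will claim `no-ssl` was passed. Suggest `"option(ssl3-method)"` for both assignments, or leave it verbatim if the intent is to track upstream byte-for-byte, in which case a comment that this is an upstream quirk rather than a local edit would help.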
+@@ -1766,6 +1772,9 @@ open(OUT,'>crypto/opensslconf.h.new') || die "unab
+ print OUT "/* opensslconf.h */\n";
+ print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n";
+
++print OUT "#ifdef __cplusplus\n";
++print OUT "extern \"C\" {\n";
++print OUT "#endif\n";
+ print OUT "/* OpenSSL was configured with the following options: */\n";
+ my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
+ $openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg;
+@@ -1870,6 +1879,9 @@ while (<IN>)
+ { print OUT $_; }
+ }
+ close(IN);
++print OUT "#ifdef __cplusplus\n";
++print OUT "}\n";
++print OUT "#endif\n";
+ close(OUT);
+ rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
+ rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
+Index: crypto/openssl/FAQ
+===================================================================
+--- crypto/openssl/FAQ (revision 279126)
++++ crypto/openssl/FAQ (working copy)
+@@ -113,11 +113,6 @@ that came with the version of OpenSSL you are usin
+ documentation is included in each OpenSSL distribution under the docs
+ directory.
+
+-For information on parts of libcrypto that are not yet documented, you
+-might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
+-predecessor, at <URL: http://www.columbia.edu/~ariel/ssleay/>. Much
+-of this still applies to OpenSSL.
+-
+ There is some documentation about certificate extensions and PKCS#12
+ in doc/openssl.txt
+
+@@ -768,6 +763,9 @@ openssl-security at openssl.org if you don't get a pr
+ acknowledging receipt then resend or mail it directly to one of the
+ more active team members (e.g. Steve).
+
++Note that bugs only present in the openssl utility are not in general
++considered to be security issues.
++
+ [PROG] ========================================================================
+
+ * Is OpenSSL thread-safe?
+Index: crypto/openssl/Makefile
+===================================================================
+--- crypto/openssl/Makefile (revision 279126)
++++ crypto/openssl/Makefile (working copy)
+@@ -4,7 +4,7 @@
+ ## Makefile for OpenSSL
+ ##
+
+-VERSION=1.0.1e
++VERSION=1.0.1l
+ MAJOR=1
+ MINOR=0.1
+ SHLIB_VERSION_NUMBER=1.0.0
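Review bot: VERSION moves from 1.0.1e to 1.0.1l while MAJOR, MINOR and SHLIB_VERSION_NUMBER on the surrounding context lines stay at 1, 0.1 and 1.0.0, which is the expected shape for a letter-release update within the 1.0.1 ABI; no shared-library version bump is needed, and a consumer comparing the installed library version against advisories should look at VERSION, not the SHLIB number.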
+@@ -13,7 +13,7 @@ SHLIB_MAJOR=1
+ SHLIB_MINOR=0.0
+ SHLIB_EXT=
+ PLATFORM=dist
+-OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-zlib no-zlib-dynamic static-engine
++OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-unit-test no-zlib no-zlib-dynamic static-engine
+ CONFIGURE_ARGS=dist
+ SHLIB_TARGET=
+
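Review bot: no-unit-test is appended to OPTIONS here and the DEPFLAG line in the following hunk gains the matching -DOPENSSL_NO_UNIT_TEST, so the two generated settings stay consistent. Because this Makefile is Configure output (the context line `CONFIGURE_ARGS=dist` shows that), regenerating it from Makefile.org is the safer way to keep such option/define pairs in sync than editing the two lines by hand.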
+@@ -61,7 +61,7 @@ OPENSSLDIR=/usr/local/ssl
+
+ CC= cc
+ CFLAG= -O
+-DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE
++DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST
+ PEX_LIBS=
+ EX_LIBS=
+ EXE_EXT=
+@@ -304,7 +304,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_ds
+ FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
+ export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
+ fi; \
+- $(MAKE) -e SHLIBDIRS=crypto build-shared; \
++ $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \
++ (touch -c fips_premain_dso$(EXE_EXT) || :); \
+ else \
+ echo "There's no support for shared libraries on this platform" >&2; \
+ exit 1; \
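Review bot: changing the separator after `$(MAKE) -e SHLIBDIRS=crypto ... build-shared` from `;` to `&&` alters the recipe's failure behaviour: a failed build-shared now terminates the shell command (and so fails the make target) instead of silently continuing to the end of the line, while the added `(touch -c fips_premain_dso$(EXE_EXT) || :)` is deliberately non-fatal so a missing premain DSO does not turn into an error. Passing `CC="$${CC:-$(CC)}"` preserves the fipsld wrapper exported in the `if` branch above when FIPS mode is in use; the doubled `$$` is required so that make hands `${CC:-...}` to the shell rather than expanding it itself.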
+Index: crypto/openssl/Makefile.org
+===================================================================
+--- crypto/openssl/Makefile.org (revision 279126)
++++ crypto/openssl/Makefile.org (working copy)
+@@ -302,7 +302,8 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_ds
+ FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
+ export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
+ fi; \
+- $(MAKE) -e SHLIBDIRS=crypto build-shared; \
++ $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \
++ (touch -c fips_premain_dso$(EXE_EXT) || :); \
+ else \
+ echo "There's no support for shared libraries on this platform" >&2; \
+ exit 1; \
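Review bot: this hunk duplicates the libcrypto$(SHLIB_EXT) recipe change already made to Makefile, which is necessary because Makefile is generated from Makefile.org; both copies now carry the `&&` chaining, the `CC="$${CC:-$(CC)}"` override and the non-fatal `touch -c`. Worth confirming after the import that the checked-in Makefile is byte-identical to what Configure would regenerate from this Makefile.org, so the two do not drift on the next update.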
+Index: crypto/openssl/NEWS
+===================================================================
+--- crypto/openssl/NEWS (revision 279126)
++++ crypto/openssl/NEWS (working copy)
+@@ -5,11 +5,67 @@
+ This file gives a brief overview of the major changes between each OpenSSL
+ release. For more details please read the CHANGES file.
+
+- Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e:
++ Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]
+
++ o Build fixes for the Windows and OpenVMS platforms
++
++ Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015]
++
++ o Fix for CVE-2014-3571
++ o Fix for CVE-2015-0206
++ o Fix for CVE-2014-3569
++ o Fix for CVE-2014-3572
++ o Fix for CVE-2015-0204
++ o Fix for CVE-2015-0205
++ o Fix for CVE-2014-8275
++ o Fix for CVE-2014-3570
++
++ Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]
++
++ o Fix for CVE-2014-3513
++ o Fix for CVE-2014-3567
++ o Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
++ o Fix for CVE-2014-3568
++
++ Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]
++
++ o Fix for CVE-2014-3512
++ o Fix for CVE-2014-3511
++ o Fix for CVE-2014-3510
++ o Fix for CVE-2014-3507
++ o Fix for CVE-2014-3506
++ o Fix for CVE-2014-3505
++ o Fix for CVE-2014-3509
++ o Fix for CVE-2014-5139
++ o Fix for CVE-2014-3508
++
++ Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
++
++ o Fix for CVE-2014-0224
++ o Fix for CVE-2014-0221
++ o Fix for CVE-2014-0198
++ o Fix for CVE-2014-0195
++ o Fix for CVE-2014-3470
++ o Fix for CVE-2010-5298
++
++ Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
++
++ o Fix for CVE-2014-0160
++ o Add TLS padding extension workaround for broken servers.
++ o Fix for CVE-2014-0076
++
++ Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
++
++ o Don't include gmt_unix_time in TLS server and client random values
++ o Fix for TLS record tampering bug CVE-2013-4353
++ o Fix for TLS version checking bug CVE-2013-6449
++ o Fix for DTLS retransmission bug CVE-2013-6450
++
++ Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]:
++
+ o Corrected fix for CVE-2013-0169
+
+- Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d:
++ Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]:
+
+ o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
+ o Include the fips configuration module.
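Review bot: the newly added release headings for 1.0.1f through 1.0.1l (for example `Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]`) carry no trailing colon, while the 1.0.1e and older headings rewritten in the same hunk do (`[11 Feb 2013]:`). This is upstream NEWS text imported verbatim, so a local fix is not warranted, but it is the kind of inconsistency that trips up scripts that parse NEWS headings to map CVE identifiers to versions.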
+@@ -17,24 +73,24 @@
+ o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+ o Fix for TLS AESNI record handling flaw CVE-2012-2686
+
+- Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c:
++ Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]:
+
+ o Fix TLS/DTLS record length checking bug CVE-2012-2333
+ o Don't attempt to use non-FIPS composite ciphers in FIPS mode.
+
+- Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b:
++ Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]:
+
+ o Fix compilation error on non-x86 platforms.
+ o Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
+ o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0
+
+- Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a:
++ Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]:
+
+ o Fix for ASN1 overflow bug CVE-2012-2110
+ o Workarounds for some servers that hang on long client hellos.
+ o Fix SEGV in AES code.
+
+- Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1:
++ Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]:
+
+ o TLS/DTLS heartbeat support.
+ o SCTP support.
+@@ -47,17 +103,30 @@
+ o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
+ o SRP support.
+
+- Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h:
++ Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]:
+
++ o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
++ o Fix OCSP bad key DoS attack CVE-2013-0166
++
++ Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]:
++
++ o Fix DTLS record length checking bug CVE-2012-2333
++
++ Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]:
++
++ o Fix for ASN1 overflow bug CVE-2012-2110
++
++ Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
++
+ o Fix for CMS/PKCS#7 MMA CVE-2012-0884
+ o Corrected fix for CVE-2011-4619
+ o Various DTLS fixes.
+
+- Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g:
++ Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]:
+
+ o Fix for DTLS DoS issue CVE-2012-0050
+
+- Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f:
++ Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]:
+
+ o Fix for DTLS plaintext recovery attack CVE-2011-4108
+ o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
+@@ -65,7 +134,7 @@
+ o Check parameters are not NULL in GOST ENGINE CVE-2012-0027
+ o Check for malformed RFC3779 data CVE-2011-4577
+
+- Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e:
++ Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]:
+
+ o Fix for CRL vulnerability issue CVE-2011-3207
+ o Fix for ECDH crashes CVE-2011-3210
+@@ -73,11 +142,11 @@
+ o Support ECDH ciphersuites for certificates using SHA2 algorithms.
+ o Various DTLS fixes.
+
+- Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d:
++ Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]:
+
+ o Fix for security issue CVE-2011-0014
+
+- Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c:
++ Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010]:
+
+ o Fix for security issue CVE-2010-4180
+ o Fix for CVE-2010-4252
+@@ -85,18 +154,18 @@
+ o Fix various platform compilation issues.
+ o Corrected fix for security issue CVE-2010-3864.
+
+- Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b:
++ Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010]:
+
+ o Fix for security issue CVE-2010-3864.
+ o Fix for CVE-2010-2939
+ o Fix WIN32 build system for GOST ENGINE.
+
+- Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a:
++ Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010]:
+
+ o Fix for security issue CVE-2010-1633.
+ o GOST MAC and CFB fixes.
+
+- Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0:
++ Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010]:
+
+ o RFC3280 path validation: sufficient to process PKITS tests.
+ o Integrated support for PVK files and keyblobs.
+@@ -119,20 +188,55 @@
+ o Opaque PRF Input TLS extension support.
+ o Updated time routines to avoid OS limitations.
+
+- Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r:
++ Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]:
+
++ o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
++ o Fix OCSP bad key DoS attack CVE-2013-0166
++
++ Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]:
++
++ o Fix DTLS record length checking bug CVE-2012-2333
++
++ Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]:
++
++ o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)
++
++ Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]:
++
++ o Fix for ASN1 overflow bug CVE-2012-2110
++
++ Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]:
++
++ o Fix for CMS/PKCS#7 MMA CVE-2012-0884
++ o Corrected fix for CVE-2011-4619
++ o Various DTLS fixes.
++
++ Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]:
++
++ o Fix for DTLS DoS issue CVE-2012-0050
++
++ Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]:
++
++ o Fix for DTLS plaintext recovery attack CVE-2011-4108
++ o Fix policy check double free error CVE-2011-4109
++ o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
++ o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
++ o Check for malformed RFC3779 data CVE-2011-4577
++
++ Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]:
++
+ o Fix for security issue CVE-2011-0014
+
+- Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q:
++ Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]:
+
+ o Fix for security issue CVE-2010-4180
+ o Fix for CVE-2010-4252
+
+- Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p:
++ Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]:
+
+ o Fix for security issue CVE-2010-3864.
+
+- Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o:
++ Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]:
+
+ o Fix for security issue CVE-2010-0742.
+ o Various DTLS fixes.
+@@ -140,12 +244,12 @@
+ o Fix for no-rc4 compilation.
+ o Chil ENGINE unload workaround.
+
+- Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n:
++ Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:
+
+ o CFB cipher definition fixes.
+ o Fix security issues CVE-2010-0740 and CVE-2010-0433.
+
+- Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m:
++ Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]:
+
+ o Cipher definition fixes.
+ o Workaround for slow RAND_poll() on some WIN32 versions.
+@@ -157,21 +261,21 @@
+ o Ticket and SNI coexistence fixes.
+ o Many fixes to DTLS handling.
+
+- Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l:
++ Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]:
+
+ o Temporary work around for CVE-2009-3555: disable renegotiation.
+
+- Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k:
++ Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]:
+
+ o Fix various build issues.
+ o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789)
+
+- Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j:
++ Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009]:
+
+ o Fix security issue (CVE-2008-5077)
+ o Merge FIPS 140-2 branch code.
+
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***