path: root/meta/recipes-connectivity
Commit message | Author | Age | Files | Lines
* openssl: Upgrade to 1.0.1o to address some CVEs | Tudor Florea | 2015-07-07 | 2 | -10/+9
    Upgrade from 1.0.1m to 1.0.1n addresses the following vulnerabilities:
    CVE-2015-4000, DHE man-in-the-middle protection (Logjam)
    CVE-2015-1788, Malformed ECParameters causes infinite loop
    CVE-2015-1789, Exploitable out-of-bounds read in X509_cmp_time
    CVE-2015-1790, PKCS7 crash with missing EnvelopedContent
    CVE-2015-1791, Race condition handling NewSessionTicket
    CVE-2015-1792, CMS verify infinite loop with unknown hash function

    Upgrade from 1.0.1n to 1.0.1o fixes ABI compatibility issues:
    Fix HMAC ABI incompatibility. The previous version introduced an ABI
    incompatibility in the handling of HMAC. The previous ABI has now been
    restored.

    References:
    http://openssl.org/news/secadv_20150611.txt
    https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/CHANGES

    Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
    Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* openssl: Upgrade to 1.0.1m | Brendan Le Foll | 2015-07-06 | 7 | -157/+121
    Security update, some patches modified to apply correctly mostly due to
    upstream changing indentation/styling

    * configure-targets.patch updated
    * fix-cipher-des-ede3-cfb1.patch updated
    * openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch updated
    * openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch removed as
      no merged with 3942e7d9ebc262fa5c5c42aba0167e06d981f004 in upstream

    (From OE-Core rev: 248dec5e550cfcaaaa479a5bff9b79ba5cd0765d)

    Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com>
    Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
    Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* openssl: Upgrade to 1.0.1j | Sona Sarmadi | 2015-07-06 | 3 | -23/+35
    Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* openssl: multiple CVEs fixes | Sona Sarmadi | 2015-07-06 | 9 | -0/+3817
    This patch addresses the following CVEs:
    CVE-2014-3569
    CVE-2015-0204
    CVE-2015-0205
    CVE-2014-8275
    CVE-2014-3571
    CVE-2014-3570

    Additional two patches (0004 & 0005) which were needed for CVE-2014-8275
    have been backported from 1.0.1 stable (OpenSSL_1_0_1-stable) branch.

    Reference
    https://www.openssl.org/news/secadv_20150108.txt

    Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* bind: fix for CVE-2014-8500 | Sona Sarmadi | 2015-07-06 | 2 | -0/+991
    A denial of service flaw was found in the way BIND followed DNS
    delegations. A remote attacker could use a specially crafted zone
    containing a large number of referrals which, when looked up and
    processed, would cause named to use excessive amounts of memory or crash.

    External References:
    ===================
    https://kb.isc.org/article/AA-01216/74/CVE-2014-8500%3A-A-Defect-in-\
    Delegation-Handling-Can-Be-Exploited-to-Crash-BIND.html
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500

    Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* Fix CVE-2014-3568 | Catalin Popeanga | 2015-07-06 | 2 | -0/+99
    Fix no-ssl3 configuration option

    This patch is a backport from OpenSSL_1.0.1j.

    Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
* Fix CVE-2014-3567 | Catalin Popeanga | 2015-07-06 | 2 | -0/+32
    Fix for session tickets memory leak.

    This patch is a backport from OpenSSL_1.0.1j.

    Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
* Fix CVE-2014-3513 | Catalin Popeanga | 2015-07-06 | 2 | -0/+211
    Fix for SRTP Memory Leak

    This patch is a backport from OpenSSL_1.0.1j.

    Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
* Fix-CVE-2014-3566 | Catalin Popeanga | 2015-07-06 | 2 | -0/+500
    OpenSSL_1.0.1 SSLV3 POODLE VULNERABILITY (CVE-2014-3566)

    This patch is a backport from OpenSSL_1.0.1j.

    Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
* Fix for OpenSSL security vulnerabilities | Sona Sarmadi | 2015-07-06 | 7 | -0/+303
    1) DTLS invalid fragment vulnerability (CVE-2014-0195)
    2) DTLS recursion flaw (CVE-2014-0221)
    3) SSL/TLS MITM vulnerability (CVE-2014-0224)
    4) Anonymous ECDH denial of service (CVE-2014-3470)

    Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
    Signed-off-by: Maxin B. John <maxin.john@enea.com>
* initial commit for Enea Linux 4.0 | Adrian Dudau | 2014-06-26 | 199 | -0/+16003
    Migrated from the internal git server on the daisy-enea branch

    Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>