diff options
| author | simon <simon@FreeBSD.org> | 2010-11-22 18:23:44 +0000 |
|---|---|---|
| committer | simon <simon@FreeBSD.org> | 2010-11-22 18:23:44 +0000 |
| commit | 7a23485c98b888d229c5e0762dbcfcec293fcef6 (patch) | |
| tree | 5691801dabb6a06320a55f5ce8ed927af41514f3 /crypto/openssl/CHANGES | |
| parent | 9c043d590896a77d5d66b978a963573a41d66ad3 (diff) | |
| download | FreeBSD-src-7a23485c98b888d229c5e0762dbcfcec293fcef6.zip FreeBSD-src-7a23485c98b888d229c5e0762dbcfcec293fcef6.tar.gz | |
Merge OpenSSL 0.9.8p into head.
Security: CVE-2010-3864
Security: http://www.openssl.org/news/secadv_20101116.txt
Diffstat (limited to 'crypto/openssl/CHANGES')
| -rw-r--r-- | crypto/openssl/CHANGES | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES index b350da7..58fd57c 100644 --- a/crypto/openssl/CHANGES +++ b/crypto/openssl/CHANGES @@ -2,6 +2,51 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8o and 0.9.8p [16 Nov 2010] + + *) Fix extension code to avoid race conditions which can result in a buffer + overrun vulnerability: resumed sessions must not be modified as they can + be shared by multiple threads. CVE-2010-3864 + [Steve Henson] + + *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939 + [Steve Henson] + + *) Don't reencode certificate when calculating signature: cache and use + the original encoding instead. This makes signature verification of + some broken encodings work correctly. + [Steve Henson] + + *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT + is also one of the inputs. + [Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)] + + *) Don't repeatedly append PBE algorithms to table if they already exist. + Sort table on each new add. This effectively makes the table read only + after all algorithms are added and subsequent calls to PKCS12_pbe_add + etc are non-op. + [Steve Henson] + + Changes between 0.9.8n and 0.9.8o [01 Jun 2010] + + [NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after + OpenSSL 1.0.0.] + + *) Correct a typo in the CMS ASN1 module which can result in invalid memory + access or freeing data twice (CVE-2010-0742) + [Steve Henson, Ronald Moesbergen <intercommit@gmail.com>] + + *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more + common in certificates and some applications which only call + SSL_library_init and not OpenSSL_add_all_algorithms() will fail. + [Steve Henson] + + *) VMS fixes: + Reduce copying into .apps and .test in makevms.com + Don't try to use blank CA certificate in CA.com + Allow use of C files from original directories in maketests.com + [Steven M. Schweda" <sms@antinode.info>] + Changes between 0.9.8m and 0.9.8n [24 Mar 2010] *) When rejecting SSL/TLS records due to an incorrect version number, never |
