Merge OpenSSL 0.9.8q into head.

Security: CVE-2010-4180 Security: http://www.openssl.org/news/secadv_20101202.txt MFC after: 3 days
author: simon <simon@FreeBSD.org> 2010-12-03 22:59:54 +0000
committer: simon <simon@FreeBSD.org> 2010-12-03 22:59:54 +0000
commit: 2e755187682578966c1ec502dbfe70c798a908b4 (patch)
tree: 001121d5a23a0b1561ac01281edf7c5f1cb0972a /crypto/openssl/CHANGES
parent: 477858ee257a6cd5108309ebe5f2cc80ab26c5e1 (diff)
parent: ae03beb758270fb19d741c93f7bfde88a6635612 (diff)
download: FreeBSD-src-2e755187682578966c1ec502dbfe70c798a908b4.zip
FreeBSD-src-2e755187682578966c1ec502dbfe70c798a908b4.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/crypto/openssl/CHANGES b/crypto/openssl/CHANGES
index 58fd57c..55820db 100644
--- a/crypto/openssl/CHANGES
+++ b/crypto/openssl/CHANGES
@@ -2,6 +2,18 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 0.9.8p and 0.9.8q [2 Dec 2010]
+
+  *) Disable code workaround for ancient and obsolete Netscape browsers
+     and servers: an attacker can use it in a ciphersuite downgrade attack.
+     Thanks to Martin Rex for discovering this bug. CVE-2010-4180
+     [Steve Henson]
+
+  *) Fixed J-PAKE implementation error, originally discovered by
+     Sebastien Martini, further info and confirmation from Stefan
+     Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
+     [Ben Laurie]
+
  Changes between 0.9.8o and 0.9.8p [16 Nov 2010]
 
   *) Fix extension code to avoid race conditions which can result in a buffer
author	simon <simon@FreeBSD.org>	2010-12-03 22:59:54 +0000
committer	simon <simon@FreeBSD.org>	2010-12-03 22:59:54 +0000
commit	2e755187682578966c1ec502dbfe70c798a908b4 (patch)
tree	001121d5a23a0b1561ac01281edf7c5f1cb0972a /crypto/openssl/CHANGES
parent	477858ee257a6cd5108309ebe5f2cc80ab26c5e1 (diff)
parent	ae03beb758270fb19d741c93f7bfde88a6635612 (diff)
download	FreeBSD-src-2e755187682578966c1ec502dbfe70c798a908b4.zip FreeBSD-src-2e755187682578966c1ec502dbfe70c798a908b4.tar.gz