| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix system hang when booting when PCI-express HotPlug is enabled.
[EN-17:01]
Fix NIS master updates are not pushed to NIS slave. [EN-17:02]
Fix compatibility with Hyper-V/storage after KB3172614 or
KB3179574. [EN-17:03]
Make makewhatis output reproducible. [EN-17:04]
Approved by: so
|
|
|
|
|
|
|
| |
Merge OpenSSL 1.0.2j.
Approved by: so
Approved by: re (implicit)
|
|
|
|
|
|
| |
Merge OpenSSL 1.0.2i.
Approved by: re (gjb, implicit), so (delphij)
|
|
|
|
|
|
|
|
| |
Some consumers actually use this definition.
We probably need some procedure to ensure that SHLIB_VERSION_NUMBER
is updated whenever we change the library version in
secure/lib/libssl/Makefile.
|
|\
| |
| |
| | |
Relnotes: yes
|
|\ \
| |/
| |
| | |
Relnotes: yes
|
|\ \
| |/
| |
| | |
Relnotes: yes
|
|\ \
| |/ |
|
| |
| |
| |
| | |
Reported by: brd
|
|\ \
| |/ |
|
|\ \
| |/ |
|
| | |
|
| | |
|
|\ \
| |/ |
|
| |
| |
| |
| |
| | |
MFC after: 1 week
Relnotes: yes
|
| |
| |
| |
| | |
Fix build.
|
|\ \
| |/ |
|
|\ \
| |/ |
|
|\ \
| |/ |
|
|\ \
| |/
| |
| | |
Approved by: so (delphij)
|
| |
| |
| |
| |
| |
| |
| | |
Security: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224,
CVE-2014-3470
Security: SA-14:14.openssl
Approved by: so
|
| |
| |
| |
| |
| |
| | |
Obtained from: OpenBSD
Security: FreeBSD-SA-14:09.openssl
Security: CVE-2014-0198
|
| |
| |
| |
| |
| |
| | |
Obtained from: OpenBSD
Security: FreeBSD-SA-14:09.openssl
Security: CVE-2010-5298
|
| |
| |
| |
| | |
Approved by: benl (maintainer)
|
| |
| |
| |
| |
| | |
Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel
Attack in OpenSSL. [SA-14:06]
|
| |
| |
| |
| | |
Approved by: so (delphij), benl (silence)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Apply vendor commits:
197e0ea Fix for TLS record tampering bug. (CVE-2013-4353).
3462896 For DTLS we might need to retransmit messages from the
previous session so keep a copy of write context in DTLS
retransmission buffers instead of replacing it after
sending CCS. (CVE-2013-6450).
ca98926 When deciding whether to use TLS 1.2 PRF and record hash
algorithms use the version number in the corresponding
SSL_METHOD structure instead of the SSL structure. The
SSL structure version is sometimes inaccurate.
Note: OpenSSL 1.0.2 and later effectively do this already.
(CVE-2013-6449).
Security: CVE-2013-4353
Security: CVE-2013-6449
Security: CVE-2013-6450
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Check DTLS_BAD_VER for version number.
The version check for DTLS1_VERSION was redundant as
DTLS1_VERSION > TLS1_1_VERSION, however we do need to
check for DTLS1_BAD_VER for compatibility.
Requested by: zi
Approved by: benl
|
|\ \
| |/
| |
| | |
Approved by: secteam (simon), benl (silence)
|
| |
| |
| |
| |
| |
| | |
r237658.
Approved by: benl (maintainer, implicit)
|
| |
| |
| |
| |
| | |
Submitted by: Christoph Mallon
MFC after: 3 days
|
| |
| |
| |
| | |
X-MFC after: with r244974
|
| |
| |
| |
| |
| |
| |
| |
| | |
Integrate OpenSSL changeset 22950 (appro):
bn_word.c: fix overflow bug in BN_add_word.
MFC after: 2 weeks
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
share/mk/sys.mk instead.
This is part of a medium term project to permit deterministic builds of
FreeBSD.
Submitted by: Erik Cederstrand <erik@cederstrand.dk>
Reviewed by: imp, toolchain@
Approved by: cperciva
MFC after: 2 weeks
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
some time ago to use sysctl instead of /dev/random to get random data,
so is now much better choice, especially for sandboxed processes that have
no direct access to /dev/random.
Approved by: benl
MFC after: 2 weeks
|
| |
| |
| |
| |
| |
| |
| |
| | |
Note: I timed out waiting for an exp-run for this change but I survived
having it locally for quite a long time.
MFC after: 1 month
X-MFC note: SHLIB_MAJOR is 6 in stable/8 and stable/9
|
|\ \
| |/
| |
| | |
Approved by: benl (maintainer)
|
| |
| |
| |
| |
| |
| |
| | |
and engine(3) are generated from these pod files during merge process and
we do not want to re-apply these changes over and over again.
Approved by: benl (maintainer, implicit)
|
| |
| |
| |
| |
| |
| | |
Reviewed by: stas
Approved by: benl (maintainer)
MFC after: 3 days
|
| |
| |
| |
| |
| |
| |
| |
| | |
Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]
Security: FreeBSD-SA-12:01.openssl (revised)
Security: FreeBSD-SA-12:02.crypt
Approved by: so (bz, simon)
|
| |
| |
| |
| |
| |
| |
| | |
Security: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109
Security: CVE-2012-0884, CVE-2012-2110
Security: FreeBSD-SA-12:01.openssl
Approved by: so (bz,simon)
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
multi-threaded use of ECDH.
Security: CVE-2011-3210
Reviewed by: stas
Obtained from: OpenSSL CVS
Approved by: re (kib)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
cause OpenSSL to parse past the end of the message.
Note: Applications are only affected if they act as a server and call
SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes
Apache httpd >= 2.3.3, if configured with "SSLUseStapling On".
Security: http://www.openssl.org/news/secadv_20110208.txt
Security: CVE-2011-0014
Obtained from: OpenSSL CVS
|
|\ \
| |/
| |
| |
| |
| | |
Security: CVE-2010-4180
Security: http://www.openssl.org/news/secadv_20101202.txt
MFC after: 3 days
|
| |
| |
| |
| |
| | |
Security: CVE-2010-3864
Security: http://www.openssl.org/news/secadv_20101116.txt
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
It has yet to be determined if this warrants a FreeBSD Security
Advisory, but we might as well get it fixed in the normal branches.
Obtained from: OpenSSL CVS
Security: CVE-2010-2939
X-MFC after: Not long...
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make inline assembler clang-friendly [from HEAD].
openssl/crypto/md32_common.h 1.45.2.1 -> 1.45.2.2
openssl/crypto/rc5/rc5_locl.h 1.8 -> 1.8.8.1
Approved by: simon
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This fixes CVE-2010-0740 which only affected -CURRENT (OpenSSL 0.9.8m)
but not -STABLE branches.
I have not yet been able to find out if CVE-2010-0433 impacts FreeBSD.
This will be investigated further.
Security: CVE-2010-0433, CVE-2010-0740
Security: http://www.openssl.org/news/secadv_20100324.txt
|
| |
| |
| |
| |
| |
| | |
mergemaster.
Suggested by: dougb
|
|\ \
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This also "reverts" some FreeBSD local changes so we should now
be back to using entirely stock OpenSSL. The local changes were
simple $FreeBSD$ lines additions, which were required in the CVS
days, and the patch for FreeBSD-SA-09:15.ssl which has been
superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation
extension' support.
MFC after: 3 weeks
|