Commit Graph

9 Commits (213b1e7105bc4577cff162e1d82eb3be2251ca0a)

Author SHA1 Message Date
Hauke Mehrtens 82c491708b openssl: update to version 1.0.2e
This fixes the following security problems:
* CVE-2015-3193
* CVE-2015-3194
* CVE-2015-3195)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

SVN-Revision: 47726
2015-12-03 21:01:57 +00:00
Jo-Philipp Wich 48d9137d31 openssl: update to v1.0.2d (CVE-2015-1793)
During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid
leaf certificate to act as a CA and "issue" an invalid certificate.

This issue will impact any application that verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 46285
2015-07-09 13:04:27 +00:00
Steven Barth 89c8d78d31 openssl: 1.0.2b (hey, we made it nearly 3 months this time!)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45946
2015-06-11 20:28:44 +00:00
Steven Barth 3006bc6904 openssl: biweekly critical security update
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44900
2015-03-20 08:14:42 +00:00
Steven Barth 2ca8a6cce4 openssl: bump to 1.0.2
Fixes CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44332
2015-02-09 12:04:00 +00:00
Steven Barth dbca1e5662 openssl: bump to 1.0.1j
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 43875
2015-01-08 18:29:26 +00:00
Jo-Philipp Wich 7949a3d381 openssl: update to v1.0.1j (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568)
Also refresh patches and bump copyright year in Makefile.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 42929
2014-10-16 08:32:54 +00:00
Felix Fietkau c2bbaf439c openssl: update to 1.0.1f
This version includes this changes:

    Don't include gmt_unix_time in TLS server and client random values
    Fix for TLS record tampering bug CVE-2013-4353
    Fix for TLS version checking bug CVE-2013-6449
    Fix for DTLS retransmission bug CVE-2013-6450

Signed-off-by: Peter Wagner <tripolar@gmx.at>

SVN-Revision: 39853
2014-03-09 13:23:41 +00:00
Felix Fietkau 7e6b26a1f3 openssl: add parallel build support
Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 37927
2013-09-10 12:09:13 +00:00