279264 |
25-Feb-2015 |
delphij |
Fix integer overflow in IGMP protocol. [SA-15:04]
Fix vt(4) crash with improper ioctl parameters. [EN-15:01]
Updated base system OpenSSL to 1.0.1l. [EN-15:02]
Fix freebsd-update libraries update ordering issue. [EN-15:03]
Approved by: so |
277195 |
14-Jan-2015 |
delphij |
Fix multiple vulnerabilities in OpenSSL. [SA-15:01]
Approved by: so |
271304 |
09-Sep-2014 |
delphij |
Fix multiple OpenSSL vulnerabilities:
The receipt of a specifically crafted DTLS handshake message may cause OpenSSL to consume large amounts of memory. [CVE-2014-3506]
The receipt of a specifically crafted DTLS packet could cause OpenSSL to leak memory. [CVE-2014-3507]
A flaw in OBJ_obj2txt may cause pretty printing functions such as X509_name_oneline, X509_name_print_ex et al. to leak some information from the stack. [CVE-2014-3508]
OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject to a denial of service attack. [CVE-2014-3510]
If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension it could write up to 255 bytes to freed memory. [CVE-2014-3509]
A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate TLS 1.0 instead of higher protocol versions when the ClientHello message is badly fragmented. [CVE-2014-3511]
A malicious client or server can send invalid SRP parameters and overrun an internal buffer. [CVE-2014-3512]
A malicious server can crash the client with a NULL pointer dereference by specifying a SRP ciphersuite even though it was not properly negotiated with the client. [CVE-2014-5139]
Security: CVE-2014-3506, CVE-2014-3507, CVE-2014-3508, CVE-2014-3510, CVE-2014-3509, CVE-2014-3511, CVE-2014-3512, CVE-2014-5139 Security: FreeBSD-SA-14:18.openssl Approved by: so |
259065 |
07-Dec-2013 |
gjb |
- Copy stable/10 (r259064) to releng/10.0 as part of the 10.0-RELEASE cycle. - Update __FreeBSD_version [1] - Set branch name to -RC1
[1] 10.0-CURRENT __FreeBSD_version value ended at '55', so start releng/10.0 at '100' so the branch is started with a value ending in zero.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
246772 |
13-Feb-2013 |
jkim |
Merge OpenSSL 1.0.1e.
Approved by: secteam (simon), benl (silence)
|
238405 |
12-Jul-2012 |
jkim |
Merge OpenSSL 1.0.1c.
Approved by: benl (maintainer)
|
237657 |
27-Jun-2012 |
jkim |
Merge OpenSSL 0.9.8x.
Reviewed by: stas Approved by: benl (maintainer) MFC after: 3 days
|
234954 |
03-May-2012 |
bz |
Fix multiple OpenSSL vulnerabilities.
Security: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109 Security: CVE-2012-0884, CVE-2012-2110 Security: FreeBSD-SA-12:01.openssl Approved by: so (bz,simon)
|
215697 |
22-Nov-2010 |
simon |
Merge OpenSSL 0.9.8p into head.
Security: CVE-2010-3864 Security: http://www.openssl.org/news/secadv_20101116.txt
|
206046 |
01-Apr-2010 |
simon |
Merge OpenSSL 0.9.8n into head.
This fixes CVE-2010-0740 which only affected -CURRENT (OpenSSL 0.9.8m) but not -STABLE branches.
I have not yet been able to find out if CVE-2010-0433 impacts FreeBSD. This will be investigated further.
Security: CVE-2010-0433, CVE-2010-0740 Security: http://www.openssl.org/news/secadv_20100324.txt
|
205128 |
13-Mar-2010 |
simon |
Merge OpenSSL 0.9.8m into head.
This also "reverts" some FreeBSD local changes so we should now be back to using entirely stock OpenSSL. The local changes were simple $FreeBSD$ lines additions, which were required in the CVS days, and the patch for FreeBSD-SA-09:15.ssl which has been superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation extension' support.
MFC after: 3 weeks
|
194206 |
14-Jun-2009 |
simon |
Merge OpenSSL 0.9.8k into head.
Approved by: re
|
191381 |
22-Apr-2009 |
cperciva |
Don't leak information via uninitialized space in db(3) records. [09:07]
Sanity-check string lengths in order to stop OpenSSL crashing when printing corrupt BMPString or UniversalString objects. [09:08]
Security: FreeBSD-SA-09:07.libc Security: FreeBSD-SA-09:08.openssl Security: CVE-2009-0590 Approved by: re (kensmith) Approved by: so (cperciva)
|
169883 |
22-May-2007 |
simon |
Fix runtime crash in OpenSSL with "Illegal instruction" by making some casts a bit less evil.
This was e.g. seen when using portsnap as:
Fetching snapshot tag from portsnap3.FreeBSD.org... Illegal instruction
Note the patch is slightly different from kan's original patch to match style in the OpenSSL source files a bit better.
Submitted by: kan Tested by: many
|
167613 |
15-Mar-2007 |
simon |
This commit was generated by cvs2svn to compensate for changes in r167612, which included commits to RCS files with non-trunk default branches.
|
162912 |
01-Oct-2006 |
simon |
This commit was generated by cvs2svn to compensate for changes in r162911, which included commits to RCS files with non-trunk default branches.
|
160815 |
29-Jul-2006 |
simon |
This commit was generated by cvs2svn to compensate for changes in r160814, which included commits to RCS files with non-trunk default branches.
|
142431 |
25-Feb-2005 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r142430, which included commits to RCS files with non-trunk default branches.
|
142426 |
25-Feb-2005 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r142425, which included commits to RCS files with non-trunk default branches.
|
127129 |
17-Mar-2004 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r127128, which included commits to RCS files with non-trunk default branches.
|
120632 |
01-Oct-2003 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r120631, which included commits to RCS files with non-trunk default branches.
|
111148 |
19-Feb-2003 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r111147, which included commits to RCS files with non-trunk default branches.
|
110006 |
28-Jan-2003 |
markm |
Remove files no longer on OpenSSL 0.9.7. crypto/des/rnd_keys.c is retained as it is still used.
|
109999 |
28-Jan-2003 |
markm |
This commit was generated by cvs2svn to compensate for changes in r109998, which included commits to RCS files with non-trunk default branches.
|
101614 |
10-Aug-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r101613, which included commits to RCS files with non-trunk default branches.
|
101387 |
05-Aug-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r101386, which included commits to RCS files with non-trunk default branches.
|
100937 |
30-Jul-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r100936, which included commits to RCS files with non-trunk default branches.
|
100932 |
30-Jul-2002 |
nectar |
Remove many obsolete files. The majority of these are simply no longer included as part of the OpenSSL distribution. However, a few we just don't need and are explicitly excluded in FREEBSD-Xlist.
|
100929 |
30-Jul-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r100928, which included commits to RCS files with non-trunk default branches.
|
89838 |
27-Jan-2002 |
kris |
This commit was generated by cvs2svn to compensate for changes in r89837, which included commits to RCS files with non-trunk default branches.
|
79999 |
19-Jul-2001 |
kris |
This commit was generated by cvs2svn to compensate for changes in r79998, which included commits to RCS files with non-trunk default branches.
|
76867 |
20-May-2001 |
kris |
This commit was generated by cvs2svn to compensate for changes in r76866, which included commits to RCS files with non-trunk default branches.
|
72614 |
18-Feb-2001 |
kris |
This commit was generated by cvs2svn to compensate for changes in r72613, which included commits to RCS files with non-trunk default branches.
|
68652 |
13-Nov-2000 |
kris |
This commit was generated by cvs2svn to compensate for changes in r68651, which included commits to RCS files with non-trunk default branches.
|
59192 |
13-Apr-2000 |
kris |
This commit was generated by cvs2svn to compensate for changes in r59191, which included commits to RCS files with non-trunk default branches.
|
55715 |
10-Jan-2000 |
kris |
This commit was generated by cvs2svn to compensate for changes in r55714, which included commits to RCS files with non-trunk default branches.
|