Changeset 30700


Ignore:
Timestamp:
Sep 27, 2016, 9:52:28 AM (5 months ago)
Author:
brainslayer
Message:

update openssl

Location:
src/router/openssl
Files:
7 edited

Legend:

Unmodified
Added
Removed
  • src/router/openssl/CHANGES

    r30692 r30700  
    22 OpenSSL CHANGES
    33 _______________
     4
     5 Changes between 1.0.2i and 1.0.2j [26 Sep 2016]
     6
     7  *) Missing CRL sanity check
     8
     9     A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
     10     but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
     11     CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
     12
     13     This issue only affects the OpenSSL 1.0.2i
     14     (CVE-2016-7052)
     15     [Matt Caswell]
    416
    517 Changes between 1.0.2h and 1.0.2i [22 Sep 2016]
  • src/router/openssl/NEWS

    r30692 r30700  
    55  This file gives a brief overview of the major changes between each OpenSSL
    66  release. For more details please read the CHANGES file.
     7
     8  Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]
     9
     10      o Fix Use After Free for large message sizes (CVE-2016-6309)
    711
    812  Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016]
  • src/router/openssl/README

    r30692 r30700  
    11
    2  OpenSSL 1.0.2i 22 Sep 2016
     2 OpenSSL 1.0.2j 26 Sep 2016
    33
    44 Copyright (c) 1998-2015 The OpenSSL Project
  • src/router/openssl/crypto/opensslv.h

    r30692 r30700  
    3131 *  major minor fix final patch/beta)
    3232 */
    33 # define OPENSSL_VERSION_NUMBER  0x1000209fL
     33# define OPENSSL_VERSION_NUMBER  0x100020afL
    3434# ifdef OPENSSL_FIPS
    35 #  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2i-fips  22 Sep 2016"
     35#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2j-fips  26 Sep 2016"
    3636# else
    37 #  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2i  22 Sep 2016"
     37#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2j  26 Sep 2016"
    3838# endif
    3939# define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
  • src/router/openssl/crypto/x509/x509_vfy.c

    r30692 r30700  
    11251125        reasons = *preasons;
    11261126        crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
    1127         if (crl_score < best_score)
     1127        if (crl_score < best_score || crl_score == 0)
    11281128            continue;
    11291129        /* If current CRL is equivalent use it if it is newer */
    1130         if (crl_score == best_score) {
     1130        if (crl_score == best_score && best_crl != NULL) {
    11311131            int day, sec;
    11321132            if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl),
  • src/router/openssl/openssl.spec

    r30692 r30700  
    88Summary: Secure Sockets Layer and cryptography libraries and tools
    99Name: openssl
    10 Version: 1.0.2i
     10Version: 1.0.2j
    1111Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
    1212License: OpenSSL
  • src/router/openssl/ssl/t1_ext.c

    r30490 r30700  
    276276    case TLSEXT_TYPE_elliptic_curves:
    277277    case TLSEXT_TYPE_heartbeat:
     278# ifndef OPENSSL_NO_NEXTPROTONEG
    278279    case TLSEXT_TYPE_next_proto_neg:
     280# endif
    279281    case TLSEXT_TYPE_padding:
    280282    case TLSEXT_TYPE_renegotiate:
Note: See TracChangeset for help on using the changeset viewer.