|  | Commit message (Collapse) | Author | Files | Lines | 
|---|
|  | hardware.
The vendor_defns/cswift.h does not specify a copyright and
theoretically defaults to the OpenSSL license, but it also mentions
that it includes parts that have been "clipped" from CryptoSwift's
proprietary headers.  This file should better include an explicit
copyright statement or mention OpenSSL's library instead of the
ambiguous "Attribution notice".
ok deraadt@ | 
|  | The vendor_defns/sureware.h file by Baltimore Technologies Ltd. has a
copyright that does not grant rights!
Vendor files should either include a compatible license in the
copyright statement or use OpenSSL's defaults, but adding a copyright
statement without any terms is not acceptable.  It should not have
been included in the first place.
ok deraadt@ | 
|  | The vendor_defns/hw_ubsec.h file has a copyright that does not grant rights!
Vendor files should either include a compatible license in the
copyright statement or use OpenSSL's defaults, but adding a copyright
statement without any terms is not acceptable.  It should not have
been included in the first place.
(The ubsec(4) kernel driver is not affected by this change)
ok deraadt@ | 
|  | old PCI accelerator that was EOL'ed in 2005.
ok deraadt@ | 
|  |  | 
|  |  | 
|  | ok miod | 
|  | ok miod | 
|  | by anything in userland. | 
|  | so that libssl no longer need to access the non-external headers of libcrypto
to build.
No library bump, riding upon the recent update. | 
|  | and libssl major (ssl_check_clienthello_tlsext split into two functions) | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  | as configuration files; split manpages and .pc files between libcrypto and
libssl.
No functional change, only there to make engineering easier, and libcrypto
sources are still found in libssl/src/crypto at the moment.
ok reyk@, also discussed with deraadt@ beck@ and the usual crypto suspects. | 
|  |  | 
|  | issue. Apply that version. Maybe someday upstream will wake up and then
we can have the same code.
https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest | 
|  |  | 
|  | I am completely blown away that the same IETF that cannot efficiently
allocate needed protocol, service numbers, or other such things when
they are needed, can so quickly and easily rubber stamp the addition
of a 64K Covert Channel in a critical protocol.  The organization
should look at itself very carefully, find out how this this happened,
and everyone who allowed this to happen on their watch should be
evicted from the decision making process.  IETF, I don't trust you.
ok tedu markus | 
|  | ok deraadt | 
|  | ok benno deraadt | 
|  | Notably this removes CAcert who it turns out have strict requirements on
redistribution (http://www.cacert.org/policy/RootDistributionLicense.php)
which we don't meet. | 
|  | - Baltimore CyberTrust Root
- Deutsche Telekom Root CA 2
- T-TeleSec GlobalRoot Class 2
- T-TeleSec GlobalRoot Class 3
ok sthen@ | 
|  |  | 
|  | OpenSSL git; ok sthen@ | 
|  | For inet(3), go the other way, remove some bogus symlinks.
Found while testing the new makewhatis(8).
ok jmc@ | 
|  | This is merely a by-product of figuring out the amount of phk@ code
contained herein; i'm not planning to hack on this file. | 
|  | this license change. We will remember that we all still like beer. | 
|  |  | 
|  |  | 
|  |  | 
|  | use better constant for salt size.
always copy ":" to gerror, in case somebody is dumb enough to overwrite it
timingsafe_bcmp before somebody whines about strcmp | 
|  |  | 
|  | add some friendlier functions.
move the classic static data api into wrapper functions.
a few more changes to come... | 
|  |  | 
|  |  | 
|  |  | 
|  |  | 
|  | this hardware alive is becoming increasingly difficult, and I should heed the
message sent by the three disks which have died on me over the last few days.
Noone sane will mourn these ports anyway. So long, and thanks for the fish. | 
|  | that might fail.
* Keep the build log clean.
* Make sure syntax checks run again when doing:  make clean; make
ok espie@ | 
|  | okay guenther@ | 
|  | Note that I missed two of these in the diff shown initially, thx
to the atrocious Makefile rule...
okay millert@, sthen@, basically | 
|  | netinet/if_ether.h | 
|  | (namespace pollution!) or talking about its opinion on code.
ok krw@ | 
|  | tweaks jmc@
OK krw@, gilles@, lteo@, tedu@, todd@, benno@, sthen@
"The time is right." and much help getting the show on the
road deraadt@ | 
|  | unless -V is passed (intent of the previous commit), and use SOL_SOCKET
instead of IPPROTO_IP to set the rtable in local_listen().  ok sthen@ | 
|  | CVE-2013-4353 NULL pointer dereference with crafted Next Protocol
 Negotiation record in TLS handshake.
Upstream: 197e0ea
CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client.
Upstream: ca98926, 0294b2b
CVE-2013-6450 Fix DTLS retransmission from previous session.
Upstream: 3462896 | 
|  | like for any other process as well. OK by many |