openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	MFC:OPENBSD_4_7	djm	2011-02-11	1	-1/+7
\| \| \| \| \| \| \| \| \| \| \|	---------------------------- revision 1.8 date: 2011/02/10 22:40:27; author: djm; state: Exp; lines: +7 -1 fix for CVE-2011-0014 "OCSP stapling vulnerability"; ok markus@ jasper@ miod@ AFAIK nothing in base uses this, though apache2 from ports may be affected. ----------------------------
*	Security fix for CVE-2010-4180 as mentioned in ↵	jasper	2010-12-15	2	-0/+8
\| \| \| \| \| \| \| \| \| \| \|	http://www.openssl.org/news/secadv_20101202.txt. where clients could modify the stored session cache ciphersuite and in some cases even downgrade the suite to weaker ones. This code is not enabled by default. ok djm@
*	- Apply security fix for CVE-2010-3864.	jasper	2010-11-17	1	-4/+14
\| \| \| \|	ok djm@ deraadt@
*	ecurity fix for CVE-2010-0740	jasper	2010-03-31	1	-3/+4
\| \| \| \| \| \| \| \| \|	"In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL." http://openssl.org/news/secadv_20100324.txt ok djm@ sthen@
*	This commit was manufactured by cvs2git to create branch 'OPENBSD_4_7'.	cvs2svn	2010-03-10	95	-38285/+0
\|
*	cherrypick patch from OpenSSL 0.9.8m:	djm	2010-03-04	4	-8/+11
\| \| \| \| \|	*) Always check bn_wexpend() return values for failure. (CVE-2009-3245) [Martin Olsson, Neel Mehta]
*	Use MACHINE_CPU instead of MACHINE_ARCH to pick the correct machine dependent	miod	2010-02-03	1	-6/+8
\| \| \| \| \| \| \|	files or directories when applicable. The inspiration and name of MACHINE_CPU come from NetBSD, although the way to provide it to Makefiles is completely different. ok kettenis@
*	add a fix from OpenSSL CVS for SA38200.	jasper	2010-01-31	1	-10/+7
\| \| \| \| \| \| \| \|	"Modify compression code so it avoids using ex_data free functions. This stops applications that call CRYPTO_free_all_ex_data() prematurely leaking memory." looks ok to markus@
*	new ipsca root.	dlg	2009-12-31	1	-0/+108
\|
*	ipsca has expired	dlg	2009-12-31	1	-51/+0
\|
*	plug a memory leak; found by parfait, ok djm	deraadt	2009-12-11	1	-0/+2
\|
*	pull Ben Lauries blind prefix injection fix for CVE-2009-3555 from	markus	2009-11-10	10	-12/+40
\| \| \| \|	openssl 0.9.8l; crank minor version; ok djm@ deraadt@; initially from jsg@
*	s/Mhz/MHz/, MHz is a multiple of the SI unit hertz (whose symbol is Hz).	sobrado	2009-10-31	2	-4/+4
\|
*	another cert that makes godaddy.com and launchpad.net (among others) happy.	fgsch	2009-10-12	1	-0/+51
\| \| \| \| \|	found by Guillaume Protet (guillaume dot protet at mortheres dot info) while testing bzr update. deraadt@ ok
*	remove expired certificates and add startcom ltd.	fgsch	2009-08-08	1	-839/+148
\| \| \| \|	beck@ ok
*	pull string for memcpy; ok hshoexer@	martynas	2009-08-07	1	-1/+2
\|
*	add ipsCA as a valid authority.	dlg	2009-05-25	1	-0/+51
\| \| \| \|	ok beck@
*	resync libssl/libcrypto pod documentation - quite a few more pages and	djm	2009-04-10	1	-27/+242
\| \| \| \|	MLINKS; feedback and ok jmc@
*	crankus majoris	djm	2009-04-06	3	-3/+3
\|
*	resolve conflicts	djm	2009-04-06	52	-176/+308
\|
*	This commit was generated by cvs2git to track changes on a CVS vendor	djm	2009-04-06	7	-11/+18
\|\ \| \| \| \|	branch.
\| *	import of OpenSSL 0.9.8k	djm	2009-04-06	64	-173/+330
\| \|
* \|	This commit was generated by cvs2git to track changes on a CVS vendor	djm	2009-04-06	34	-117/+18119
\|\ \ \| \| \| \| \| \|	branch.
\| * \|	import of OpenSSL 0.9.8k	djm	2009-04-06	37	-135/+18140
\| \| \|
* \| \|	missing ssl_sock_init() call in init_client() (used by	djm	2009-01-30	1	-3/+10
\| \| \| \| \| \| \| \| \| \| \| \|	"openssl s_client"), fix an unlikely memory leak
* \| \|	remove some gratuitous changes that do nothing other than inrease	djm	2009-01-30	1	-2/+1
\| \| \| \| \| \| \| \| \| \| \| \|	the size of the diff against openssl mainline
* \| \|	convert a strdup (into a purpose-allocated buffer) in libcrypto to a	djm	2009-01-12	1	-2/+3
\| \| \| \| \| \| \| \| \| \| \| \|	memcpy to avoid linker deprecation warnings; pointed out by dkrause@
* \| \|	openssl-0.9.8j enables RFC3546 TLS extensions by default (e.g. the very	djm	2009-01-09	13	-39/+0
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	useful "server name indication" that allows multihomed TLS server), so remove the #define to disable it here
* \| \|	adjust Makefile and crank major for openssl-0.9.8j	djm	2009-01-09	17	-16/+56
\| \| \|
* \| \|	resolve conflicts	djm	2009-01-09	301	-4804/+6983
\| \| \|
* \| \|	This commit was generated by cvs2git to track changes on a CVS vendor	djm	2009-01-09	4	-9/+15
\|\ \ \ \| \| \| \| \| \| \| \|	branch.
\| * \| \|	import openssl-0.9.8j	djm	2009-01-09	23	-96/+299
\| \| \| \|
* \| \| \|	This commit was generated by cvs2git to track changes on a CVS vendor	djm	2009-01-09	127	-3471/+17440
\|\ \ \ \ \| \| \|_\|/ \| \|/\| \|	branch.
\| * \| \|	import openssl-0.9.8j	djm	2009-01-09	439	-7223/+24970
\| \| \| \|
* \| \| \|	This commit was generated by cvs2git to track changes on a CVS vendor	djm	2009-01-09	43	-95/+1439
\|\ \ \ \ \| \| \|_\|/ \| \|/\| \|	branch.
\| * \| \|	import openssl-0.9.8j	djm	2009-01-09	63	-558/+2236
\| \| \| \|
\| * \| \|	This commit was manufactured by cvs2git to create branch 'OPENSSL'.	cvs2svn	2009-01-05	4	-0/+2088
\| \| \| \|
* \| \| \|	Add a missing MLINK for BIO_new_socket.	oga	2009-01-08	1	-1/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Noticed by blambert@. Ok jmc@.
* \| \| \|	update to openssl-0.9.8i; tested by several, especially krw@	djm	2009-01-05	136	-2902/+4741
\| \| \| \|
* \| \| \|	fix some cause of bad TEXTREL on i386 and amd64	otto	2008-09-19	5	-14/+64
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	- global function calls in .init sections (diff makes them via PLT) - calls to global functions in aes-586.S (made static or local) - global variable accesses in rc4-x86_64.S (now made via GOT) from djm@large; ok miod@
* \| \| \|	use one call to arc4random_buf() instead of lots of arc4random()	djm	2008-09-10	1	-8/+2
\| \| \| \|
* \| \| \|	turn off CAST assembler code (i.e. use C implementation) as it has bad	djm	2008-09-08	1	-3/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	relocations that lead to libcrypto.so being marked TEXTREL; linker-fu from drahn@ "go ahead" deraadt@
* \| \| \|	sparc now requires this bloated library to be -fPIC	deraadt	2008-09-07	1	-1/+5
\| \| \| \|
* \| \| \|	Fix merge botch.	kettenis	2008-09-07	1	-3/+0
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	ok miod@
* \| \| \|	remove duplicate definition of OPENSSL_DSA_MAX_MODULUS_BITS spotted	djm	2008-09-06	1	-2/+0
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	by dtucker@
* \| \| \|	remerge local tweaks, update per-arch configuration headers, update	djm	2008-09-06	26	-98/+875
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Makefiles, crank shlib_version
* \| \| \|	resolve conflicts	djm	2008-09-06	697	-15897/+44294
\| \| \| \|
* \| \| \|	This commit was generated by cvs2git to track changes on a CVS vendor	djm	2008-09-06	20	-1/+7194
\|\ \ \ \ \| \| \|_\|/ \| \|/\| \|	branch.
\| * \| \|	import of OpenSSL 0.9.8h	djm	2008-09-06	62	-1452/+13147
\| \| \| \|
\| * \| \|	import of openssl-0.9.7j	djm	2006-06-27	14	-539/+650
\| \| \| \|