| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
as configuration files; split manpages and .pc files between libcrypto and
libssl.
No functional change, only there to make engineering easier, and libcrypto
sources are still found in libssl/src/crypto at the moment.
ok reyk@, also discussed with deraadt@ beck@ and the usual crypto suspects.
|
| | |
|
| |
|
|
|
|
| |
issue. Apply that version. Maybe someday upstream will wake up and then
we can have the same code.
https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
I am completely blown away that the same IETF that cannot efficiently
allocate needed protocol, service numbers, or other such things when
they are needed, can so quickly and easily rubber stamp the addition
of a 64K Covert Channel in a critical protocol. The organization
should look at itself very carefully, find out how this this happened,
and everyone who allowed this to happen on their watch should be
evicted from the decision making process. IETF, I don't trust you.
ok tedu markus
|
| |
|
|
| |
ok deraadt
|
| |
|
|
| |
ok benno deraadt
|
| |
|
|
|
|
| |
Notably this removes CAcert who it turns out have strict requirements on
redistribution (http://www.cacert.org/policy/RootDistributionLicense.php)
which we don't meet.
|
| |
|
|
|
|
|
|
|
| |
- Baltimore CyberTrust Root
- Deutsche Telekom Root CA 2
- T-TeleSec GlobalRoot Class 2
- T-TeleSec GlobalRoot Class 3
ok sthen@
|
| |
|
|
| |
OpenSSL git; ok sthen@
|
| |
|
|
|
|
|
| |
this hardware alive is becoming increasingly difficult, and I should heed the
message sent by the three disks which have died on me over the last few days.
Noone sane will mourn these ports anyway. So long, and thanks for the fish.
|
| |
|
|
|
|
|
| |
that might fail.
* Keep the build log clean.
* Make sure syntax checks run again when doing: make clean; make
ok espie@
|
| |
|
|
| |
okay guenther@
|
| |
|
|
|
|
|
| |
Note that I missed two of these in the diff shown initially, thx
to the atrocious Makefile rule...
okay millert@, sthen@, basically
|
| |
|
|
|
|
|
|
|
|
|
|
| |
CVE-2013-4353 NULL pointer dereference with crafted Next Protocol
Negotiation record in TLS handshake.
Upstream: 197e0ea
CVE-2013-6449 Fix crash with crafted traffic from a TLS 1.2 client.
Upstream: ca98926, 0294b2b
CVE-2013-6450 Fix DTLS retransmission from previous session.
Upstream: 3462896
|
| | |
|
| |
|
|
|
|
|
|
|
| |
architectures. ok miod@ djm@
Upstream patch:
commit cdd1acd788020d2c525331da1712ada778f1373c
Author: Andy Polyakov <appro@openssl.org>
Date: Wed Dec 18 21:27:35 2013 +0100
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
members to 64bit types. Assign new syscall numbers for (almost
all) the syscalls that involve the affected types, including anything
with time_t, timeval, itimerval, timespec, rusage, dirent, stat,
or kevent arguments. Add a d_off member to struct dirent and replace
getdirentries() with getdents(), thus immensely simplifying and
accelerating telldir/seekdir. Build perl with -DBIG_TIME.
Bump the major on every single base library: the compat bits included
here are only good enough to make the transition; the T32 compat
option will be burned as soon as we've reached the new world are
are happy with the snapshots for all architectures.
DANGER: ABI incompatibility. Updating to this kernel requires extra
work or you won't be able to login: install a snapshot instead.
Much assistance in fixing userland issues from deraadt@ and tedu@
and build assistance from todd@ and otto@
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
hyphen in their official programming guide sometime between 2003 and
2005, and Clang's integrated assembler does not support hyphenated
mnemonics.
ok jsg, deraadt
|
| |
|
|
|
| |
from the openssl git (changes between openssl 1.0.1c and 1.0.1d).
ok djm@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- additional cert's from GlobalSign.
- additional cert's from VeriSign and replace existing ones with
'Signature Algorithm: md2WithRSAEncryption' with their currently
distributed sha1WithRSAEncryption versions.
- new CAs: AddTrust (root for most Comodo certificates also heavily
used in academic networks), Comodo (most of their certs are rooted in
AddTrust but TERENA use the Comodo AAA Certificate Services root
for some things so add that separately), UserTrust Network/UTN
(part of Comodo) and Starfield (part of Go Daddy).
|
| |
|
|
| |
ok beck@ william@ todd@
|
| |
|
|
|
|
| |
and include sha1 signatures for all certs (some were missing).
No certificate changes, this is just for consistency. ok beck@
|
| |
|
|
|
|
| |
Remove intermediate GoDaddy certificate, this file should just contain roots.
ok beck@ phessler@
|
| |
|
|
|
|
|
|
|
|
| |
have to go through the PLT/GOT to get at them anymore. In fact going through
the GOT now fails since we no longer have a GOT entry for OPENSSL_ia32cap_P.
Fixes the problem spotted by jasper@ and sthen@. Based on a diff from mikeb@
who did most of the actual work of tracking down the issue.
ok millert@, mikeb@
|
| |
|
|
| |
Disable use of dladdr() on a.out arches, they do not provide it (yet);
|
| |
|
|
| |
major cranks
|
| | |
|
| | |
|
| |\
| |
| | |
branch.
|
| | | |
|
| |\ \
| | |
| | | |
branch.
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
branch.
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
and __PIC__ defines. Makes things easier for PIE.
ok djm@
|
| | | | |
| | | |
| | | |
| | | | |
ok guenther@
|
| | | | |
| | | |
| | | |
| | | | |
jmc@ noticed this in the manpage while updating it, but it applies here too.
|
| | | | |
| | | |
| | | |
| | | | |
Brad, jasper and naddy helped with test builds, fixing ports, etc.
|
| | | | |
| | | |
| | | |
| | | | |
ok miod@ deraadt@
|
| | | | | |
|
| | | | | |
|
| |\| | |
| | | |
| | | | |
branch.
|
| | | | | |
|
| |\ \ \ \
| | |_|/
| |/| | |
branch.
|
| | | | | |
|
| |\ \ \ \
| | |_|/
| |/| | |
branch.
|
