src-test/crypto/openssl, branch stable/6 FreeBSD source tree https://cgit-dev.freebsd.org/src-test/atom?h=stable%2F6 2009-12-03T09:18:40Z Disable SSL renegotiation in order to protect against a serious 2009-12-03T09:18:40Z Colin Percival cperciva@FreeBSD.org 2009-12-03T09:18:40Z urn:sha1:744662b32c941e07d6f8b8560976cecc257aaef8 protocol flaw. [09:15] Correctly handle failures from unsetenv resulting from a corrupt environment in rtld-elf. [09:16] Fix permissions in freebsd-update in order to prevent leakage of sensitive files. [09:17] Approved by: so (cperciva) Security: FreeBSD-SA-09:15.ssl Security: FreeBSD-SA-09:16.rtld Security: FreeBSD-SA-09:17.freebsd-udpate Don't leak information via uninitialized space in db(3) records. [09:07] 2009-04-22T14:07:14Z Colin Percival cperciva@FreeBSD.org 2009-04-22T14:07:14Z urn:sha1:580e89b3bf883799f480ef10d52ae83d8cc6c5fe Sanity-check string lengths in order to stop OpenSSL crashing when printing corrupt BMPString or UniversalString objects. [09:08] Security: FreeBSD-SA-09:07.libc Security: FreeBSD-SA-09:08.openssl Security: CVE-2009-0590 Approved by: re (kensmith) Approved by: so (cperciva) This time really commit the OpenSSL part of the advisory round to 2009-01-07T21:03:41Z Simon L. B. Nielsen simon@FreeBSD.org 2009-01-07T21:03:41Z urn:sha1:f84286e84fcb34d283281567a2476cf95bc0ee6e stable/6: Fix incorrect OpenSSL checks for malformed signatures due to invalid check of return value from EVP_VerifyFinal(), DSA_verify, and DSA_do_verify. Security: FreeBSD-SA-09:02.openssl Obtained from: OpenSSL Project Correct a buffer overflow in OpenSSL SSL_get_shared_ciphers(). 2007-10-03T21:39:43Z Simon L. B. Nielsen simon@FreeBSD.org 2007-10-03T21:39:43Z urn:sha1:1560e66d537dbe85c3d1f88bfc072a3f79720815 Correct problem in the 2006-09-28 patch concerning the handling of 2006-09-29T13:44:03Z Colin Percival cperciva@FreeBSD.org 2006-09-29T13:44:03Z urn:sha1:01b0ed4031a1a2746270718a569139d0aced74de excessively large DH moduli. Reported by: Steve Kiernan (Juniper SIRT) Security: FreeBSD-SA-06:23.openssl Approved by: re (kensmith) Correct multiple vulnerabilities in crypto(3). 2006-09-28T13:02:36Z Colin Percival cperciva@FreeBSD.org 2006-09-28T13:02:36Z urn:sha1:68243cc7d13a958d59b5dfb4eaa677ac3d953c5e Limit the size of public keys used in order to protect applications from a denial of service via insane key sizes. Security: FreeBSD-SA-06:23.openssl Approved by: re (htimsnek) Correct incorrect PKCS#1 v1.5 padding validation in crypto(3). [1] 2006-09-06T21:20:54Z Simon L. B. Nielsen simon@FreeBSD.org 2006-09-06T21:20:54Z urn:sha1:98b50d797300ec54b29cbac0bad3791761af0b71 Correct multiple denial-of-service vulnerabilities in BIND related to SIG Query Processing and Excessive Recursive Queries. [2] Security: FreeBSD-SA-06:19.openssl [1] Security: FreeBSD-SA-06:20.bind [2] Fix a bug in the padlock engine when handling small data blocks. This 2006-07-30T14:03:03Z Simon L. B. Nielsen simon@FreeBSD.org 2006-07-30T14:03:03Z urn:sha1:8106d843a45786d24e6f1f4aacbf2abbbca05a70 could cause problem e.g. when using OpenVPN. This is a direct commit to RELENG_6 since the issue was fixed by the OpenSSL 0.9.8b import in -CURRENT. PR: bin/86598 Submitted by: Mike Tancsa <mike@sentex.net> Tested by: Mike Tancsa, pjd Obtained from: OpenSSL CVS (eng_padlock.c 1.12 -> 1.13 diff) Correct a man-in-the-middle SSL version rollback vulnerability. 2005-10-11T11:53:03Z Colin Percival cperciva@FreeBSD.org 2005-10-11T11:53:03Z urn:sha1:2e78fee2396410636caecd5addac787230a1efc2 Security: FreeBSD-SA-05:21.openssl Approved by: re@ (scottl) File removed in update from OpenSSL 0.9.7d -> 0.9.7e. 2005-02-25T06:22:30Z Jacques Vidrine nectar@FreeBSD.org 2005-02-25T06:22:30Z urn:sha1:72a11ddc6c9aead35abe1afcda16e690dc08472a