2016/03/01 15:50 willy@wtap.local * released openssl-1.0.1s-flx2.1 * updated to 1.0.1s 2016/02/25 10:47 willy@wtap.local * released openssl-1.0.1r-flx2.1 * backported the following extra fixes from 1.0.1-stable : - 0006-modes-ctr128.c-pay-attention-to-ecount_buf-alignment.patch - 0007-Fix-double-free-in-DSA-private-key-parsing.patch - 0008-GH714-missing-field-initialisation.patch * fixed a build.cfg issue causing a very late build error when FLXARCH is not set (trying to build as generic_32 due to FLX_BITS). * merged the gentoo fix for parallel build : - openssl-1.0.1p-parallel-build.patch * enabled automatic support for parallel build (FLXPMAKE) when possible 2015/12/03 20:07 willy@wtap.local * released openssl-1.0.1q-flx2.1 * updated to 1.0.1q * fixes CVE-2015-3194/5 * removed obsolete patches 2015/10/28 11:39 willy@wtap.local * released openssl-1.0.1p-flx2.2 2015/10/28 11:11 willy@wtap.local * added the following check for NULL deref : - bn_wexpand.patch 2015/10/27 21:17 willy@wtap.local * added the pending fixes from 1.0.1-stable. These ones fix a number of unchecked return values and null derefs : - 1001-Sort-sstacklst-correctly.patch - 1002-Exit-on-error-in-ecparam.patch - 1013-Fix-SSL_set_session_ticket_ext-when-used-with-SSLv23.patch - 1015-RT3774-double-free-in-DSA.patch - 1016-use-X9.31-keygen-by-default-in-FIPS-mode.patch - 1017-Clear-BN-mont-values-when-free-ing-it.patch - 1018-GH336-Return-an-exit-code-if-report-fails.patch - 1019-Fix-warning-when-compiling-with-no-ec2m.patch - 1020-Fix-seg-fault-with-0-p-val-in-SKE.patch - 1021-Check-for-0-modulus-in-BN_MONT_CTX_set.patch - 1022-Fix-missing-return-value-checks-in-SCTP.patch - 1023-Fix-make-test-seg-fault-with-SCTP-enabled.patch - 1024-Err-isn-t-always-malloc-failure.patch - 1025-Fix-memory-leak-if-setup-fails.patch - 1026-Return-error-for-unsupported-modes.patch - 1032-Fix-DTLS-session-ticket-renewal.patch - 1034-Fixed-problem-with-multiple-load-unload-of-comp-zlib.patch - 1036-bntest-don-t-dereference-the-d-array-for-a-zero-BIGN.patch - 1040-BN_mod_exp_mont_consttime-check-for-zero-modulus.patch - 1042-check-bn_new-return-value.patch - 1044-RT-3493-fix-RSA-test.patch - 1045-RT4002-check-for-NULL-cipher-in-p12_crpt.c.patch - 1048-Fix-building-with-OPENSSL_NO_TLSEXT.patch - 1049-Fix-session-resumption.patch - 1050-RT3754-check-for-NULL-pointer.patch - 1051-Use-default-field-separator.patch - 1052-Check-for-FIPS-mode-after-loading-config.patch - 1053-d2i-don-t-update-input-pointer-on-failure.patch - 1056-Make-no-psk-compile-without-warnings.patch - 1057-RT3757-base64-encoding-bugs.patch - 1058-base64-decode-check-for-high-bit.patch - 1059-Make-sure-OPENSSL_cleanse-checks-for-NULL.patch - 1062-Handle-SSL_ERROR_WANT_X509_LOOKUP.patch - 1063-Make-SRP-work-with-www.patch - 1064-Fix-SRP-memory-leaks.patch - 1065-RT3823-Improve-the-robustness-of-event-logging.patch - 1066-RT3479-Add-UTF8-support-to-BIO_read_filename.patch - 1068-Make-BUF_strndup-read-safe-on-arbitrary-inputs.patch - 1069-BUF_strndup-tidy.patch - 1073-SRP-memory-leak-fix.patch - 1074-RT2772-accept-empty-SessionTicket.patch - 1076-GH367-use-random-data-if-seed-too-short.patch - 1078-Fix-more-d2i-cases-to-properly-update-the-input-poin.patch - 1079-Validate-ClientHello-extension-field-length.patch - 1080-Change-functions-to-pass-in-a-limit-rather-than-calc.patch - 1081-Don-t-try-and-parse-boolean-type.patch - 1082-Set-flags-to-0-before-calling-BN_with_flags.patch - 1083-Move-BN_CTX_start-call-so-the-error-case-can-always-.patch - 1084-When-ENGINE_add-finds-that-id-or-name-is-missing-act.patch - 1085-Don-t-treat-a-bare-OCTETSTRING-as-DigestInfo-in-int_.patch - 1087-Avoid-SHA1-weakness.patch - 1088-Typo.patch - 1090-Do-not-treat-0-return-value-from-BIO_get_fd-as-error.patch - 1091-Replace-malloc-strlcpy-with-strdup.patch - 1092-Fix-memory-leaks-and-other-mistakes-on-errors.patch - 1093-Set-salt-length-after-the-malloc-has-succeeded.patch - 1096-Check-memory-allocation.patch 2015/10/27 21:15 willy@wtap.local * added the following fixes to fix two crashes : openssl-1.0.1p-ssl_new-error-handling.diff openssl-1.0.1p-ssl3_free-null-deref.diff 2015/07/10 12:05 emeric@ebr-laptop * released openssl-1.0.1p-flx2.1 * fix vulnerabilities 2015/06/23 17:54 emeric@ebr-laptop * released openssl-1.0.1o-flx2.1 2015/04/07 14:33 emeric@ebr-laptop * released openssl-1.0.1m-flx2.1 * Remove cryptodev * Re-align all patches with mainline 1.0.1m 2015/02/11 14:40 willy@wtap.local * released openssl-1.0.1l-flx2.3 * removed accidental enable-ec_nistp_64_gcc_128 which remained in the default build options and broke 32-bit build 2015/02/04 18:02 emeric@ebr-desktop * released openssl-1.0.1l-flx2.2 * add option enable-ec_nistp_64_gcc_128 to enhance ECHDE performances 2015/02/02 14:29 willy@wtap.local * released openssl-1.0.1l-flx2.1 * upgraded to 1.0.1l * updated the small-records patch to remove changes to test files * removed fix-segfault-in-verify-param.diff 2014/11/13 14:41 willy@wtap.local * released openssl-1.0.1j-flx2.2 * add the following fixes to handle OOM situations : - 0001-no-wbuf-during-handshake.diff - 0002-release-rbuf-during-handshake.diff - fix-md-init-return-not-checked-cause-null-deref.diff - fix-segfault-in-verify-param.diff - small-records-1.0.1j.patch 2014/10/16 16:06 emeric@ebr-desktop * released openssl-1.0.1j-flx2.1 Fix for CVE-2014-3513 Fix for CVE-2014-3567 Mitigation for CVE-2014-3566 (SSL protocol vulnerability) Fix for CVE-2014-3568 2014/09/11 21:38 willy@wtap.local * released openssl-1.0.1i-flx2.1 2014/09/11 21:25 willy@wtap.local * upgraded to openssl-1.0.1i * fixed build issue for non-x86 archs : linux-elf is 586 for openssl !!! 2014/06/05 17:11 emeric@ebr-desktop * released openssl-1.0.1h-flx2.1 * CVE-2014-0224 fix 2014/05/20 12:00 roberto@pierot * released openssl-1.0.1g-flx2.4 : 0001-Extension-checking-fixes.patch 0002-Fix-double-frees.patch 0003-Fix-use-after-free.patch 0004-Fix-eckey_priv_encode.patch 0005-Double-free-in-i2o_ECPublicKey.patch 0006-fix-coverity-issues-966593-966596.patch 0007-Set-Enveloped-data-version-to-2-if-ktri-version-not-.patch 0008-Initialize-num-properly.patch 0009-bignum-allow-concurrent-BN_MONT_CTX_set_locked.patch 0010-evp-prevent-underflow-in-base64-decoding.patch 0011-Fixed-NULL-pointer-dereference-in-PKCS7_dataDecode-r.patch 0012-fix-coverity-issue-966597-error-line-is-not-always-i.patch 0013-PR-3342-fix-resource-leak-coverity-issue-966577.patch 0014-coverity-966576-close-socket-in-error-path.patch 0015-Return-an-error-if-no-recipient-type-matches.patch 0016-safety-check-to-ensure-we-dont-send-out-beyond-the-u.patch 0017-Fix-infinite-loop.-PR-3347.patch 0018-Avoid-out-of-bounds-write-in-SSL_get_shared_ciphers.patch 0019-dgram_sctp_ctrl-authkey-memory-leak.patch 0020-Set-authkey-to-NULL-and-check-malloc-return-value.patch 0021-Replace-manual-ASN1-decoder-with-ASN1_get_object.patch 0022-Correct-the-return-type-on-the-signature-for-X509_ST.patch 0023-Check-sk_SSL_CIPHER_num-after-assigning-sk.patch 0024-Enc-doesn-t-support-AEAD-ciphers.patch 0025-Fix-signed-unsigned-warning.patch 0026-Allow-the-maximum-value.patch 0027-Fix-a-wrong-parameter-count-ERR_add_error_data.patch 2014/05/19 14:57 roberto@pierot * released openssl-1.0.1g-flx2.3 * CVE-2014-0198 openssl bugfix 2014/04/20 15:45 willy@wtap.local * released openssl-1.0.1g-flx2.2 * update to 1.0.1g to fix CVE-2014-0160 2014/02/01 10:02 willy@wtap.local * update to 1.0.1f * use $PKGVER in the download URL 2013/10/09 11:54 roberto@pierot * released openssl-1.0.1e-flx2.1 2013/01/21 15:50 willy@pcw.home.local * released openssl-1.0.1c-flx2.4 * fix build for any arm* platform 2013/01/14 14:08 willy@wtap * released openssl-1.0.1c-flx2.3 2012/12/31 11:33 willy@wtap * restored correct optimizations ; previous patch removed -O3 in favor of -Os which is slower (-2% measured) * removed obsolete flag -DSSL_ALLOW_ADH added by previous patch and which was removed in 0.9.5 in 2000 ! * removed forced options that are wrong on some platforms. The correct optimization options are already implied by the target OS. * added again support for ARM and SPARC which benefit from assembly code * added some error control in do_compile_only() 2012/10/08 10:26 emeric@ebr-laptop * released openssl-1.0.1c-flx2.2 * Fix missing optims and cipher patch. 2012/06/01 11:00 djc@wks-ddc.exosec.local * released openssl-1.0.1c-flx2.1 2011/10/07 11:34 willy@wtap * released openssl-0.9.8r-flx2.2 * use the arch-specific objdump utility * default architecture is not necessarily x86 2011/07/11 13:05 wlallemand@wlallemand-desktop * released openssl-0.9.8r-flx1.1 * upgrade to 0.9.8r * i586 and x86_64 packages 2010/11/30 15:32 emeric@ebr-laptop * released openssl-0.9.8p-flx1.1