308204 |
02-Nov-2016 |
delphij |
Fix OpenSSL remote DoS vulnerability. [SA-16:35]
Security: FreeBSD-SA-16:35.openssl Approved by: so |
306230 |
23-Sep-2016 |
delphij |
Fix multiple OpenSSL vulnerabilities.
Approved by: so Security: FreeBSD-SA-16:26.openssl |
296341 |
03-Mar-2016 |
delphij |
Fix multiple OpenSSL vulnerabilities.
Security: FreeBSD-SA-16:12.openssl Approved by: so |
295061 |
30-Jan-2016 |
delphij |
Fix OpenSSL SSLv2 ciphersuite downgrade vulnerability.
Security: CVE-2015-3197 Security: FreeBSD-SA-16:11.openssl Approved by: so |
291854 |
05-Dec-2015 |
delphij |
Fix OpenSSL multiple vulnerabilities.
Security: FreeBSD-SA-15:26.openssl Approved by: so |
284295 |
12-Jun-2015 |
delphij |
Fix OpenSSL multiple vulnerabilities.
Security: FreeBSD-SA-15:10.openssl Approved by: so |
280268 |
19-Mar-2015 |
delphij |
Fix multiple OpenSSL vulnerabilities.
Security: FreeBSD-SA-15:06.openssl Security: CVE-2015-0209 Security: CVE-2015-0286 Security: CVE-2015-0287 Security: CVE-2015-0288 Security: CVE-2015-0289 Security: CVE-2015-0293 Approved by: so |
279264 |
25-Feb-2015 |
delphij |
Fix integer overflow in IGMP protocol. [SA-15:04]
Fix vt(4) crash with improper ioctl parameters. [EN-15:01]
Updated base system OpenSSL to 1.0.1l. [EN-15:02]
Fix freebsd-update libraries update ordering issue. [EN-15:03]
Approved by: so |
277195 |
14-Jan-2015 |
delphij |
Fix multiple vulnerabilities in OpenSSL. [SA-15:01]
Approved by: so |
273399 |
21-Oct-2014 |
delphij |
MFS r273149 (jkim): MFC: r273144, r273146
Merge OpenSSL 1.0.1j.
This is part of an upcoming FreeBSD security advisory.
Approved by: re (so@ blanket) |
272461 |
03-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
269686 |
07-Aug-2014 |
jkim |
MFC: r269682
Merge OpenSSL 1.0.1i.
|
267258 |
09-Jun-2014 |
jkim |
MFC: r267256
Merge OpenSSL 1.0.1h.
Approved by: so (delphij)
|
267103 |
05-Jun-2014 |
delphij |
Fix OpenSSL multiple vulnerabilities.
Security: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470 Security: SA-14:14.openssl
|
265986 |
13-May-2014 |
delphij |
Fix OpenSSL NULL pointer dereference vulnerability.
Obtained from: OpenBSD Security: FreeBSD-SA-14:09.openssl Security: CVE-2014-0198
|
265122 |
30-Apr-2014 |
delphij |
Fix devfs rules not applied by default for jails.
Fix OpenSSL use-after-free vulnerability.
Fix TCP reassembly vulnerability.
Security: FreeBSD-SA-14:07.devfs Security: CVE-2014-3001 Security: FreeBSD-SA-14:08.tcp Security: CVE-2014-3000 Security: FreeBSD-SA-14:09.openssl Security: CVE-2010-5298
|
264331 |
10-Apr-2014 |
jkim |
MFC: r261037, r264278
Merge OpenSSL 1.0.1f and 1.0.1g.
|
264266 |
08-Apr-2014 |
delphij |
Fix NFS deadlock vulnerability. [SA-14:05]
Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel Attack in OpenSSL. [SA-14:06]
|
260404 |
07-Jan-2014 |
delphij |
MFC r260403 (MFV r260399):
Apply vendor commits:
197e0ea Fix for TLS record tampering bug. (CVE-2013-4353).
3462896 For DTLS we might need to retransmit messages from the previous session so keep a copy of write context in DTLS retransmission buffers instead of replacing it after sending CCS. (CVE-2013-6450).
ca98926 When deciding whether to use TLS 1.2 PRF and record hash algorithms use the version number in the corresponding SSL_METHOD structure instead of the SSL structure. The SSL structure version is sometimes inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already. (CVE-2013-6449).
Security: CVE-2013-4353 Security: CVE-2013-6449 Security: CVE-2013-6450
|
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
254107 |
08-Aug-2013 |
delphij |
MFV r254106 (OpenSSL bugfix for RT #2984):
Check DTLS_BAD_VER for version number.
The version check for DTLS1_VERSION was redundant as DTLS1_VERSION > TLS1_1_VERSION, however we do need to check for DTLS1_BAD_VER for compatibility.
Requested by: zi Approved by: benl
|
246772 |
13-Feb-2013 |
jkim |
Merge OpenSSL 1.0.1e.
Approved by: secteam (simon), benl (silence)
|
238405 |
12-Jul-2012 |
jkim |
Merge OpenSSL 1.0.1c.
Approved by: benl (maintainer)
|
237657 |
27-Jun-2012 |
jkim |
Merge OpenSSL 0.9.8x.
Reviewed by: stas Approved by: benl (maintainer) MFC after: 3 days
|
236304 |
30-May-2012 |
bz |
Update the previous openssl fix. [12:01]
Fix a bug in crypt(3) ignoring characters of a passphrase. [12:02]
Security: FreeBSD-SA-12:01.openssl (revised) Security: FreeBSD-SA-12:02.crypt Approved by: so (bz, simon)
|
234954 |
03-May-2012 |
bz |
Fix multiple OpenSSL vulnerabilities.
Security: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109 Security: CVE-2012-0884, CVE-2012-2110 Security: FreeBSD-SA-12:01.openssl Approved by: so (bz,simon)
|
225446 |
08-Sep-2011 |
delphij |
Fix SSL memory handling for (EC)DH cipher suites, in particular for multi-threaded use of ECDH.
Security: CVE-2011-3210 Reviewed by: stas Obtained from: OpenSSL CVS Approved by: re (kib)
|
218625 |
12-Feb-2011 |
simon |
Fix Incorrectly formatted ClientHello SSL/TLS handshake messages could cause OpenSSL to parse past the end of the message.
Note: Applications are only affected if they act as a server and call SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. This includes Apache httpd >= 2.3.3, if configured with "SSLUseStapling On".
Security: http://www.openssl.org/news/secadv_20110208.txt Security: CVE-2011-0014 Obtained from: OpenSSL CVS
|
216166 |
03-Dec-2010 |
simon |
Merge OpenSSL 0.9.8q into head.
Security: CVE-2010-4180 Security: http://www.openssl.org/news/secadv_20101202.txt MFC after: 3 days
|
215697 |
22-Nov-2010 |
simon |
Merge OpenSSL 0.9.8p into head.
Security: CVE-2010-3864 Security: http://www.openssl.org/news/secadv_20101116.txt
|
215288 |
14-Nov-2010 |
simon |
Fix double-free in OpenSSL's SSL ECDH code.
It has yet to be determined if this warrants a FreeBSD Security Advisory, but we might as well get it fixed in the normal branches.
Obtained from: OpenSSL CVS Security: CVE-2010-2939 X-MFC after: Not long...
|
206046 |
01-Apr-2010 |
simon |
Merge OpenSSL 0.9.8n into head.
This fixes CVE-2010-0740 which only affected -CURRENT (OpenSSL 0.9.8m) but not -STABLE branches.
I have not yet been able to find out if CVE-2010-0433 impacts FreeBSD. This will be investigated further.
Security: CVE-2010-0433, CVE-2010-0740 Security: http://www.openssl.org/news/secadv_20100324.txt
|
205128 |
13-Mar-2010 |
simon |
Merge OpenSSL 0.9.8m into head.
This also "reverts" some FreeBSD local changes so we should now be back to using entirely stock OpenSSL. The local changes were simple $FreeBSD$ line additions, which were required in the CVS days, and the patch for FreeBSD-SA-09:15.ssl which has been superseded with OpenSSL 0.9.8m's RFC5746 'TLS renegotiation extension' support.
MFC after: 3 weeks
|
200054 |
03-Dec-2009 |
cperciva |
Disable SSL renegotiation in order to protect against a serious protocol flaw. [09:15]
Correctly handle failures from unsetenv resulting from a corrupt environment in rtld-elf. [09:16]
Fix permissions in freebsd-update in order to prevent leakage of sensitive files. [09:17]
Approved by: so (cperciva) Security: FreeBSD-SA-09:15.ssl Security: FreeBSD-SA-09:16.rtld Security: FreeBSD-SA-09:17.freebsd-update
|
196474 |
23-Aug-2009 |
simon |
Merge DTLS fixes from vendor-crypto/openssl/dist:
- Fix memory consumption bug with "future epoch" DTLS records.
- Fix fragment handling memory leak.
- Do not access freed data structure.
- Fix DTLS fragment bug - out-of-sequence message handling which could result in NULL pointer dereference in dtls1_process_out_of_seq_message().
Note that this will not get a FreeBSD Security Advisory as DTLS is experimental in OpenSSL.
MFC after: 1 week Security: CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1387
|
194206 |
14-Jun-2009 |
simon |
Merge OpenSSL 0.9.8k into head.
Approved by: re
|
186872 |
07-Jan-2009 |
simon |
Prevent cross-site forgery attacks on lukemftpd(8) due to splitting long commands into multiple requests. [09:01]
Fix incorrect OpenSSL checks for malformed signatures due to invalid check of return value from EVP_VerifyFinal(), DSA_verify, and DSA_do_verify. [09:02]
Security: FreeBSD-SA-09:01.lukemftpd Security: FreeBSD-SA-09:02.openssl Obtained from: NetBSD [SA-09:01] Obtained from: OpenSSL Project [SA-09:02] Approved by: so (simon)
|
172768 |
18-Oct-2007 |
simon |
This commit was generated by cvs2svn to compensate for changes in r172767, which included commits to RCS files with non-trunk default branches.
|
172429 |
03-Oct-2007 |
simon |
Correct a buffer overflow in OpenSSL SSL_get_shared_ciphers().
Security: FreeBSD-SA-07:08.openssl Approved by: re (security blanket)
|
167615 |
15-Mar-2007 |
simon |
Resolve conflicts after import of OpenSSL 0.9.8e.
|
167613 |
15-Mar-2007 |
simon |
This commit was generated by cvs2svn to compensate for changes in r167612, which included commits to RCS files with non-trunk default branches.
|
162914 |
01-Oct-2006 |
simon |
Resolve conflicts after import of OpenSSL 0.9.8d.
|
162912 |
01-Oct-2006 |
simon |
This commit was generated by cvs2svn to compensate for changes in r162911, which included commits to RCS files with non-trunk default branches.
|
160817 |
29-Jul-2006 |
simon |
Resolve conflicts after import of OpenSSL 0.9.8b.
|
160815 |
29-Jul-2006 |
simon |
This commit was generated by cvs2svn to compensate for changes in r160814, which included commits to RCS files with non-trunk default branches.
|
151233 |
11-Oct-2005 |
cperciva |
Correct a man-in-the-middle SSL version rollback vulnerability.
Security: FreeBSD-SA-05:21.openssl
|
142431 |
25-Feb-2005 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r142430, which included commits to RCS files with non-trunk default branches.
|
142428 |
25-Feb-2005 |
nectar |
Resolve conflicts after import of OpenSSL 0.9.7e.
|
142426 |
25-Feb-2005 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r142425, which included commits to RCS files with non-trunk default branches.
|
127134 |
17-Mar-2004 |
nectar |
Resolve conflicts after import of OpenSSL 0.9.7d.
|
127129 |
17-Mar-2004 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r127128, which included commits to RCS files with non-trunk default branches.
|
127115 |
17-Mar-2004 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r127114, which included commits to RCS files with non-trunk default branches.
|
120632 |
01-Oct-2003 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r120631, which included commits to RCS files with non-trunk default branches.
|
112440 |
20-Mar-2003 |
jedgar |
This commit was generated by cvs2svn to compensate for changes in r112439, which included commits to RCS files with non-trunk default branches.
|
111150 |
19-Feb-2003 |
nectar |
Resolve conflicts after import of OpenSSL 0.9.7a.
|
111148 |
19-Feb-2003 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r111147, which included commits to RCS files with non-trunk default branches.
|
110007 |
28-Jan-2003 |
markm |
Merge conflicts. This is cunning doublespeak for "use vendor code".
|
109999 |
28-Jan-2003 |
markm |
This commit was generated by cvs2svn to compensate for changes in r109998, which included commits to RCS files with non-trunk default branches.
|
101621 |
10-Aug-2002 |
nectar |
Resolve conflicts.
|
101616 |
10-Aug-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r101615, which included commits to RCS files with non-trunk default branches.
|
100943 |
30-Jul-2002 |
nectar |
Resolve conflicts after import of OpenSSL 0.9.6e.
|
100937 |
30-Jul-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r100936, which included commits to RCS files with non-trunk default branches.
|
100932 |
30-Jul-2002 |
nectar |
Remove many obsolete files. The majority of these are simply no longer included as part of the OpenSSL distribution. However, a few we just don't need and are explicitly excluded in FREEBSD-Xlist.
|
100929 |
30-Jul-2002 |
nectar |
This commit was generated by cvs2svn to compensate for changes in r100928, which included commits to RCS files with non-trunk default branches.
|
89840 |
27-Jan-2002 |
kris |
Resolve conflicts.
|
89838 |
27-Jan-2002 |
kris |
This commit was generated by cvs2svn to compensate for changes in r89837, which included commits to RCS files with non-trunk default branches.
|
80001 |
19-Jul-2001 |
kris |
Resolve conflicts
|
79999 |
19-Jul-2001 |
kris |
This commit was generated by cvs2svn to compensate for changes in r79998, which included commits to RCS files with non-trunk default branches.
|
76870 |
20-May-2001 |
kris |
Resolve conflicts
|
76867 |
20-May-2001 |
kris |
This commit was generated by cvs2svn to compensate for changes in r76866, which included commits to RCS files with non-trunk default branches.
|
72616 |
18-Feb-2001 |
kris |
Resolve conflicts
|
72614 |
18-Feb-2001 |
kris |
This commit was generated by cvs2svn to compensate for changes in r72613, which included commits to RCS files with non-trunk default branches.
|
68654 |
13-Nov-2000 |
kris |
Resolve conflicts, and garbage collect some local changes that are no longer required
|
68652 |
13-Nov-2000 |
kris |
This commit was generated by cvs2svn to compensate for changes in r68651, which included commits to RCS files with non-trunk default branches.
|
59194 |
13-Apr-2000 |
kris |
Resolve conflicts.
|
59192 |
13-Apr-2000 |
kris |
This commit was generated by cvs2svn to compensate for changes in r59191, which included commits to RCS files with non-trunk default branches.
|
55949 |
14-Jan-2000 |
kris |
Fix breakage when NO_RSA specified.
Reviewed by: Ben Laurie <ben@openssl.org>
|
55715 |
10-Jan-2000 |
kris |
This commit was generated by cvs2svn to compensate for changes in r55714, which included commits to RCS files with non-trunk default branches.
|