Commit Graph

6 Commits

Author SHA1 Message Date
Jo-Philipp Wich
48d9137d31 openssl: update to v1.0.2d (CVE-2015-1793)
During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid
leaf certificate to act as a CA and "issue" an invalid certificate.

This issue will impact any application that verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 46285
2015-07-09 13:04:27 +00:00
Steven Barth
89c8d78d31 openssl: 1.0.2b (hey, we made it nearly 3 months this time!)
Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 45946
2015-06-11 20:28:44 +00:00
Steven Barth
2ca8a6cce4 openssl: bump to 1.0.2
Fixes CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 44332
2015-02-09 12:04:00 +00:00
Felix Fietkau
c2bbaf439c openssl: update to 1.0.1f
This version includes this changes:

    Don't include gmt_unix_time in TLS server and client random values
    Fix for TLS record tampering bug CVE-2013-4353
    Fix for TLS version checking bug CVE-2013-6449
    Fix for DTLS retransmission bug CVE-2013-6450

Signed-off-by: Peter Wagner <tripolar@gmx.at>

SVN-Revision: 39853
2014-03-09 13:23:41 +00:00
Tim Yardley
b521113aa1 openssl: security update to 1.0.1d to address CBC TLS issue
addressing
CVE-2013-0169: 4th February 2013

Signed-off-by: Tim Yardley <yardley@gmail.com>

SVN-Revision: 35524
2013-02-08 19:36:06 +00:00
Felix Fietkau
48db59fab7 move library packages to package/libs/
SVN-Revision: 33657
2012-10-08 11:24:12 +00:00