Remove overlapping CHANGES/NEWS entries
Remove entries from CHANGES and NEWS from letter releases that occur *after* the next point release. Without this we get duplicate entries for the same issue appearing multiple times.

Reviewed-by: Richard Levitte <levitte@openssl.org>
parent cd56a08d4e
commit 82123b5e94
279
CHANGES
@ -776,63 +776,6 @@
|
|||||||
Add command line options to s_client/s_server.
|
Add command line options to s_client/s_server.
|
||||||
[Steve Henson]
|
[Steve Henson]
|
||||||
|
|
||||||
Changes between 1.0.0j and 1.0.0k [5 Feb 2013]
|
|
||||||
|
|
||||||
*) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
|
|
||||||
|
|
||||||
This addresses the flaw in CBC record processing discovered by
|
|
||||||
Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
|
|
||||||
at: http://www.isg.rhul.ac.uk/tls/
|
|
||||||
|
|
||||||
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
|
|
||||||
Security Group at Royal Holloway, University of London
|
|
||||||
(www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
|
|
||||||
Emilia Käsper for the initial patch.
|
|
||||||
(CVE-2013-0169)
|
|
||||||
[Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
|
|
||||||
|
|
||||||
*) Return an error when checking OCSP signatures when key is NULL.
|
|
||||||
This fixes a DoS attack. (CVE-2013-0166)
|
|
||||||
[Steve Henson]
|
|
||||||
|
|
||||||
*) Call OCSP Stapling callback after ciphersuite has been chosen, so
|
|
||||||
the right response is stapled. Also change SSL_get_certificate()
|
|
||||||
so it returns the certificate actually sent.
|
|
||||||
See http://rt.openssl.org/Ticket/Display.html?id=2836.
|
|
||||||
(This is a backport)
|
|
||||||
[Rob Stradling <rob.stradling@comodo.com>]
|
|
||||||
|
|
||||||
*) Fix possible deadlock when decoding public keys.
|
|
||||||
[Steve Henson]
|
|
||||||
|
|
||||||
Changes between 1.0.0i and 1.0.0j [10 May 2012]
|
|
||||||
|
|
||||||
[NB: OpenSSL 1.0.0i and later 1.0.0 patch levels were released after
|
|
||||||
OpenSSL 1.0.1.]
|
|
||||||
|
|
||||||
*) Sanity check record length before skipping explicit IV in DTLS
|
|
||||||
to fix DoS attack.
|
|
||||||
|
|
||||||
Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
|
|
||||||
fuzzing as a service testing platform.
|
|
||||||
(CVE-2012-2333)
|
|
||||||
[Steve Henson]
|
|
||||||
|
|
||||||
*) Initialise tkeylen properly when encrypting CMS messages.
|
|
||||||
Thanks to Solar Designer of Openwall for reporting this issue.
|
|
||||||
[Steve Henson]
|
|
||||||
|
|
||||||
Changes between 1.0.0h and 1.0.0i [19 Apr 2012]
|
|
||||||
|
|
||||||
*) Check for potentially exploitable overflows in asn1_d2i_read_bio
|
|
||||||
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
|
|
||||||
in CRYPTO_realloc_clean.
|
|
||||||
|
|
||||||
Thanks to Tavis Ormandy, Google Security Team, for discovering this
|
|
||||||
issue and to Adam Langley <agl@chromium.org> for fixing it.
|
|
||||||
(CVE-2012-2110)
|
|
||||||
[Adam Langley (Google), Tavis Ormandy, Google Security Team]
|
|
||||||
|
|
||||||
Changes between 1.0.0g and 1.0.0h [12 Mar 2012]
|
Changes between 1.0.0g and 1.0.0h [12 Mar 2012]
|
||||||
|
|
||||||
*) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
|
*) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
|
||||||
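Review bot: dropping the "[NB: OpenSSL 1.0.0i and later 1.0.0 patch levels were released after OpenSSL 1.0.1.]" note together with the 1.0.0i to 1.0.0k blocks leaves the 1.0.0 section ending at 1.0.0h with nothing telling a reader where the later 1.0.0 letter releases went. Keep a one-line pointer in place of the removed block, along the lines of "[NB: changes in 1.0.0i and later are listed under the 1.0.1 releases]", so someone searching this section for CVE-2013-0169 or CVE-2012-2110 is redirected instead of concluding the fix never reached 1.0.0.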
@ -1823,228 +1766,6 @@
|
|||||||
*) Change 'Configure' script to enable Camellia by default.
|
*) Change 'Configure' script to enable Camellia by default.
|
||||||
[NTT]
|
[NTT]
|
||||||
|
|
||||||
Changes between 0.9.8x and 0.9.8y [5 Feb 2013]
|
|
||||||
|
|
||||||
*) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
|
|
||||||
|
|
||||||
This addresses the flaw in CBC record processing discovered by
|
|
||||||
Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
|
|
||||||
at: http://www.isg.rhul.ac.uk/tls/
|
|
||||||
|
|
||||||
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
|
|
||||||
Security Group at Royal Holloway, University of London
|
|
||||||
(www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
|
|
||||||
Emilia Käsper for the initial patch.
|
|
||||||
(CVE-2013-0169)
|
|
||||||
[Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
|
|
||||||
|
|
||||||
*) Return an error when checking OCSP signatures when key is NULL.
|
|
||||||
This fixes a DoS attack. (CVE-2013-0166)
|
|
||||||
[Steve Henson]
|
|
||||||
|
|
||||||
*) Call OCSP Stapling callback after ciphersuite has been chosen, so
|
|
||||||
the right response is stapled. Also change SSL_get_certificate()
|
|
||||||
so it returns the certificate actually sent.
|
|
||||||
See http://rt.openssl.org/Ticket/Display.html?id=2836.
|
|
||||||
(This is a backport)
|
|
||||||
[Rob Stradling <rob.stradling@comodo.com>]
|
|
||||||
|
|
||||||
*) Fix possible deadlock when decoding public keys.
|
|
||||||
[Steve Henson]
|
|
||||||
|
|
||||||
Changes between 0.9.8w and 0.9.8x [10 May 2012]
|
|
||||||
|
|
||||||
*) Sanity check record length before skipping explicit IV in DTLS
|
|
||||||
to fix DoS attack.
|
|
||||||
|
|
||||||
Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
|
|
||||||
fuzzing as a service testing platform.
|
|
||||||
(CVE-2012-2333)
|
|
||||||
[Steve Henson]
|
|
||||||
|
|
||||||
*) Initialise tkeylen properly when encrypting CMS messages.
|
|
||||||
Thanks to Solar Designer of Openwall for reporting this issue.
|
|
||||||
[Steve Henson]
|
|
||||||
|
|
||||||
Changes between 0.9.8v and 0.9.8w [23 Apr 2012]
|
|
||||||
|
|
||||||
*) The fix for CVE-2012-2110 did not take into account that the
|
|
||||||
'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
|
|
||||||
int in OpenSSL 0.9.8, making it still vulnerable. Fix by
|
|
||||||
rejecting negative len parameter. (CVE-2012-2131)
|
|
||||||
[Tomas Hoger <thoger@redhat.com>]
|
|
||||||
|
|
||||||
Changes between 0.9.8u and 0.9.8v [19 Apr 2012]
|
|
||||||
|
|
||||||
*) Check for potentially exploitable overflows in asn1_d2i_read_bio
|
|
||||||
BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
|
|
||||||
in CRYPTO_realloc_clean.
|
|
||||||
|
|
||||||
Thanks to Tavis Ormandy, Google Security Team, for discovering this
|
|
||||||
issue and to Adam Langley <agl@chromium.org> for fixing it.
|
|
||||||
(CVE-2012-2110)
|
|
||||||
[Adam Langley (Google), Tavis Ormandy, Google Security Team]
|
|
||||||
|
|
||||||
Changes between 0.9.8t and 0.9.8u [12 Mar 2012]
|
|
||||||
|
|
||||||
*) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
|
|
||||||
in CMS and PKCS7 code. When RSA decryption fails use a random key for
|
|
||||||
content decryption and always return the same error. Note: this attack
|
|
||||||
needs on average 2^20 messages so it only affects automated senders. The
|
|
||||||
old behaviour can be reenabled in the CMS code by setting the
|
|
||||||
CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
|
|
||||||
an MMA defence is not necessary.
|
|
||||||
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
|
|
||||||
this issue. (CVE-2012-0884)
|
|
||||||
[Steve Henson]
|
|
||||||
|
|
||||||
*) Fix CVE-2011-4619: make sure we really are receiving a
|
|
||||||
client hello before rejecting multiple SGC restarts. Thanks to
|
|
||||||
Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug.
|
|
||||||
[Steve Henson]
|
|
||||||
|
|
||||||
Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
|
|
||||||
|
|
||||||
*) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
|
|
||||||
Thanks to Antonio Martin, Enterprise Secure Access Research and
|
|
||||||
Development, Cisco Systems, Inc. for discovering this bug and
|
|
||||||
preparing a fix. (CVE-2012-0050)
|
|
||||||
[Antonio Martin]
|
|
||||||
|
|
||||||
Changes between 0.9.8r and 0.9.8s [4 Jan 2012]
|
|
||||||
|
|
||||||
*) Nadhem Alfardan and Kenny Paterson have discovered an extension
|
|
||||||
of the Vaudenay padding oracle attack on CBC mode encryption
|
|
||||||
which enables an efficient plaintext recovery attack against
|
|
||||||
the OpenSSL implementation of DTLS. Their attack exploits timing
|
|
||||||
differences arising during decryption processing. A research
|
|
||||||
paper describing this attack can be found at:
|
|
||||||
http://www.isg.rhul.ac.uk/~kp/dtls.pdf
|
|
||||||
Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
|
|
||||||
Security Group at Royal Holloway, University of London
|
|
||||||
(www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
|
|
||||||
<seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de>
|
|
||||||
for preparing the fix. (CVE-2011-4108)
|
|
||||||
[Robin Seggelmann, Michael Tuexen]
|
|
||||||
|
|
||||||
*) Stop policy check failure freeing same buffer twice. (CVE-2011-4109)
|
|
||||||
[Ben Laurie, Kasper <ekasper@google.com>]
|
|
||||||
|
|
||||||
*) Clear bytes used for block padding of SSL 3.0 records.
|
|
||||||
(CVE-2011-4576)
|
|
||||||
[Adam Langley (Google)]
|
|
||||||
|
|
||||||
*) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
|
|
||||||
Kadianakis <desnacked@gmail.com> for discovering this issue and
|
|
||||||
Adam Langley for preparing the fix. (CVE-2011-4619)
|
|
||||||
[Adam Langley (Google)]
|
|
||||||
|
|
||||||
*) Prevent malformed RFC3779 data triggering an assertion failure.
|
|
||||||
Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
|
|
||||||
and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
|
|
||||||
[Rob Austein <sra@hactrn.net>]
|
|
||||||
|
|
||||||
*) Fix ssl_ciph.c set-up race.
|
|
||||||
[Adam Langley (Google)]
|
|
||||||
|
|
||||||
*) Fix spurious failures in ecdsatest.c.
|
|
||||||
[Emilia Käsper (Google)]
|
|
||||||
|
|
||||||
*) Fix the BIO_f_buffer() implementation (which was mixing different
|
|
||||||
interpretations of the '..._len' fields).
|
|
||||||
[Adam Langley (Google)]
|
|
||||||
|
|
||||||
*) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than
|
|
||||||
BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent
|
|
||||||
threads won't reuse the same blinding coefficients.
|
|
||||||
|
|
||||||
This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING
|
|
||||||
lock to call BN_BLINDING_invert_ex, and avoids one use of
|
|
||||||
BN_BLINDING_update for each BN_BLINDING structure (previously,
|
|
||||||
the last update always remained unused).
|
|
||||||
[Emilia Käsper (Google)]
|
|
||||||
|
|
||||||
*) Fix SSL memory handling for (EC)DH ciphersuites, in particular
|
|
||||||
for multi-threaded use of ECDH.
|
|
||||||
[Adam Langley (Google)]
|
|
||||||
|
|
||||||
*) Fix x509_name_ex_d2i memory leak on bad inputs.
|
|
||||||
[Bodo Moeller]
|
|
||||||
|
|
||||||
*) Add protection against ECDSA timing attacks as mentioned in the paper
|
|
||||||
by Billy Bob Brumley and Nicola Tuveri, see:
|
|
||||||
|
|
||||||
http://eprint.iacr.org/2011/232.pdf
|
|
||||||
|
|
||||||
[Billy Bob Brumley and Nicola Tuveri]
|
|
||||||
|
|
||||||
Changes between 0.9.8q and 0.9.8r [8 Feb 2011]
|
|
||||||
|
|
||||||
*) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
|
|
||||||
[Neel Mehta, Adam Langley, Bodo Moeller (Google)]
|
|
||||||
|
|
||||||
*) Fix bug in string printing code: if *any* escaping is enabled we must
|
|
||||||
escape the escape character (backslash) or the resulting string is
|
|
||||||
ambiguous.
|
|
||||||
[Steve Henson]
|
|
||||||
|
|
||||||
Changes between 0.9.8p and 0.9.8q [2 Dec 2010]
|
|
||||||
|
|
||||||
*) Disable code workaround for ancient and obsolete Netscape browsers
|
|
||||||
and servers: an attacker can use it in a ciphersuite downgrade attack.
|
|
||||||
Thanks to Martin Rex for discovering this bug. CVE-2010-4180
|
|
||||||
[Steve Henson]
|
|
||||||
|
|
||||||
*) Fixed J-PAKE implementation error, originally discovered by
|
|
||||||
Sebastien Martini, further info and confirmation from Stefan
|
|
||||||
Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
|
|
||||||
[Ben Laurie]
|
|
||||||
|
|
||||||
Changes between 0.9.8o and 0.9.8p [16 Nov 2010]
|
|
||||||
|
|
||||||
*) Fix extension code to avoid race conditions which can result in a buffer
|
|
||||||
overrun vulnerability: resumed sessions must not be modified as they can
|
|
||||||
be shared by multiple threads. CVE-2010-3864
|
|
||||||
[Steve Henson]
|
|
||||||
|
|
||||||
*) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
|
|
||||||
[Steve Henson]
|
|
||||||
|
|
||||||
*) Don't reencode certificate when calculating signature: cache and use
|
|
||||||
the original encoding instead. This makes signature verification of
|
|
||||||
some broken encodings work correctly.
|
|
||||||
[Steve Henson]
|
|
||||||
|
|
||||||
*) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT
|
|
||||||
is also one of the inputs.
|
|
||||||
[Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)]
|
|
||||||
|
|
||||||
*) Don't repeatedly append PBE algorithms to table if they already exist.
|
|
||||||
Sort table on each new add. This effectively makes the table read only
|
|
||||||
after all algorithms are added and subsequent calls to PKCS12_pbe_add
|
|
||||||
etc are non-op.
|
|
||||||
[Steve Henson]
|
|
||||||
|
|
||||||
Changes between 0.9.8n and 0.9.8o [01 Jun 2010]
|
|
||||||
|
|
||||||
[NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after
|
|
||||||
OpenSSL 1.0.0.]
|
|
||||||
|
|
||||||
*) Correct a typo in the CMS ASN1 module which can result in invalid memory
|
|
||||||
access or freeing data twice (CVE-2010-0742)
|
|
||||||
[Steve Henson, Ronald Moesbergen <intercommit@gmail.com>]
|
|
||||||
|
|
||||||
*) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
|
|
||||||
common in certificates and some applications which only call
|
|
||||||
SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
|
|
||||||
[Steve Henson]
|
|
||||||
|
|
||||||
*) VMS fixes:
|
|
||||||
Reduce copying into .apps and .test in makevms.com
|
|
||||||
Don't try to use blank CA certificate in CA.com
|
|
||||||
Allow use of C files from original directories in maketests.com
|
|
||||||
[Steven M. Schweda" <sms@antinode.info>]
|
|
||||||
|
|
||||||
Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
|
Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
|
||||||
|
|
||||||
*) When rejecting SSL/TLS records due to an incorrect version number, never
|
*) When rejecting SSL/TLS records due to an incorrect version number, never
|
||||||
|
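Review bot: the 0.9.8v to 0.9.8w entry removed here describes a 0.9.8-only bug (CVE-2012-2131: "the 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an int in OpenSSL 0.9.8, making it still vulnerable"), so unlike the other removed items it is unlikely to have a counterpart in any 1.0.0 or 1.0.1 section and would disappear from CHANGES entirely. The same check is worth doing for the VMS fixes under 0.9.8o and for "Fix spurious failures in ecdsatest.c" before dropping them. Suggest retaining every entry that has no surviving copy higher up, and leaving a one-line pointer in place of the removed "[NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after OpenSSL 1.0.0.]" note so the 0.9.8 section still explains why it stops at 0.9.8n.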
69
NEWS
@ -107,19 +107,6 @@
|
|||||||
o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
|
o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
|
||||||
o SRP support.
|
o SRP support.
|
||||||
|
|
||||||
Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]:
|
|
||||||
|
|
||||||
o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
|
|
||||||
o Fix OCSP bad key DoS attack CVE-2013-0166
|
|
||||||
|
|
||||||
Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]:
|
|
||||||
|
|
||||||
o Fix DTLS record length checking bug CVE-2012-2333
|
|
||||||
|
|
||||||
Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]:
|
|
||||||
|
|
||||||
o Fix for ASN1 overflow bug CVE-2012-2110
|
|
||||||
|
|
||||||
Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
|
Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
|
||||||
|
|
||||||
o Fix for CMS/PKCS#7 MMA CVE-2012-0884
|
o Fix for CMS/PKCS#7 MMA CVE-2012-0884
|
||||||
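Review bot: NEWS is the file people grep for a CVE number, so before removing the 1.0.0i to 1.0.0k blocks confirm that CVE-2013-0169, CVE-2013-0166, CVE-2012-2333 and CVE-2012-2110 are still listed under the 1.0.1 releases further up the file; the hunk shows only the "o SRP support." context line, not the retained copies the commit message relies on.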
@ -192,62 +179,6 @@
|
|||||||
o Opaque PRF Input TLS extension support.
|
o Opaque PRF Input TLS extension support.
|
||||||
o Updated time routines to avoid OS limitations.
|
o Updated time routines to avoid OS limitations.
|
||||||
|
|
||||||
Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]:
|
|
||||||
|
|
||||||
o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
|
|
||||||
o Fix OCSP bad key DoS attack CVE-2013-0166
|
|
||||||
|
|
||||||
Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]:
|
|
||||||
|
|
||||||
o Fix DTLS record length checking bug CVE-2012-2333
|
|
||||||
|
|
||||||
Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]:
|
|
||||||
|
|
||||||
o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)
|
|
||||||
|
|
||||||
Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]:
|
|
||||||
|
|
||||||
o Fix for ASN1 overflow bug CVE-2012-2110
|
|
||||||
|
|
||||||
Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]:
|
|
||||||
|
|
||||||
o Fix for CMS/PKCS#7 MMA CVE-2012-0884
|
|
||||||
o Corrected fix for CVE-2011-4619
|
|
||||||
o Various DTLS fixes.
|
|
||||||
|
|
||||||
Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]:
|
|
||||||
|
|
||||||
o Fix for DTLS DoS issue CVE-2012-0050
|
|
||||||
|
|
||||||
Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]:
|
|
||||||
|
|
||||||
o Fix for DTLS plaintext recovery attack CVE-2011-4108
|
|
||||||
o Fix policy check double free error CVE-2011-4109
|
|
||||||
o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
|
|
||||||
o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
|
|
||||||
o Check for malformed RFC3779 data CVE-2011-4577
|
|
||||||
|
|
||||||
Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]:
|
|
||||||
|
|
||||||
o Fix for security issue CVE-2011-0014
|
|
||||||
|
|
||||||
Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]:
|
|
||||||
|
|
||||||
o Fix for security issue CVE-2010-4180
|
|
||||||
o Fix for CVE-2010-4252
|
|
||||||
|
|
||||||
Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]:
|
|
||||||
|
|
||||||
o Fix for security issue CVE-2010-3864.
|
|
||||||
|
|
||||||
Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]:
|
|
||||||
|
|
||||||
o Fix for security issue CVE-2010-0742.
|
|
||||||
o Various DTLS fixes.
|
|
||||||
o Recognise SHA2 certificates if only SSL algorithms added.
|
|
||||||
o Fix for no-rc4 compilation.
|
|
||||||
o Chil ENGINE unload workaround.
|
|
||||||
|
|
||||||
Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:
|
Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:
|
||||||
|
|
||||||
o CFB cipher definition fixes.
|
o CFB cipher definition fixes.
|
||||||
|
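Review bot: "o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)" is, by its own wording, a 0.9.8-only item, so it has no duplicate in the 1.0.0 or 1.0.1 NEWS sections and removing it here deletes the only mention of that CVE in NEWS. Suggest keeping that line, and checking "o Fix for no-rc4 compilation." and "o Chil ENGINE unload workaround." under 0.9.8o the same way, so the removal stays limited to entries that are genuinely duplicated.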