generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Sync with 1.0.1 branch.

Browse Source 
(CVE-2011-0014 OCSP stapling fix has been applied to HEAD as well.)
This commit is contained in:
Bodo Möller 2011-02-08 19:09:08 +00:00
parent 9afe95099d
commit c415adc26f
1 changed files with 29 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
CHANGES
View File

@ -146,7 +146,7 @@
whose return value is often ignored. whose return value is often ignored.
[Steve Henson] [Steve Henson]
Changes between 1.0.0c and 1.0.1 [xx XXX xxxx] Changes between 1.0.0d and 1.0.1 [xx XXX xxxx]
*) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id. *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
[Steve Henson] [Steve Henson]
@ -185,7 +185,10 @@
Add command line options to s_client/s_server. Add command line options to s_client/s_server.
[Steve Henson] [Steve Henson]
Changes between 1.0.0c and 1.0.0d [xx XXX xxxx] Changes between 1.0.0c and 1.0.0d [8 Feb 2011]
*) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
[Neel Mehta, Adam Langley, Bodo Moeller (Google)]
*) Fix bug in string printing code: if *any* escaping is enabled we must *) Fix bug in string printing code: if *any* escaping is enabled we must
escape the escape character (backslash) or the resulting string is escape the escape character (backslash) or the resulting string is
@ -1062,11 +1065,34 @@
*) Change 'Configure' script to enable Camellia by default. *) Change 'Configure' script to enable Camellia by default.
[NTT] [NTT]
Changes between 0.9.8o and 0.9.8p [xx XXX xxxx] Changes between 0.9.8q and 0.9.8r [8 Feb 2011]
*) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
[Neel Mehta, Adam Langley, Bodo Moeller (Google)]
*) Fix bug in string printing code: if *any* escaping is enabled we must
escape the escape character (backslash) or the resulting string is
ambiguous.
[Steve Henson]
Changes between 0.9.8p and 0.9.8q [2 Dec 2010]
*) Disable code workaround for ancient and obsolete Netscape browsers
and servers: an attacker can use it in a ciphersuite downgrade attack.
Thanks to Martin Rex for discovering this bug. CVE-2010-4180
[Steve Henson]
*) Fixed J-PAKE implementation error, originally discovered by
Sebastien Martini, further info and confirmation from Stefan
Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
[Ben Laurie]
Changes between 0.9.8o and 0.9.8p [16 Nov 2010]
*) Fix extension code to avoid race conditions which can result in a buffer *) Fix extension code to avoid race conditions which can result in a buffer
overrun vulnerability: resumed sessions must not be modified as they can overrun vulnerability: resumed sessions must not be modified as they can
be shared by multiple threads. CVE-2010-3864 be shared by multiple threads. CVE-2010-3864
[Steve Henson]
*) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939 *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
[Steve Henson] [Steve Henson]