Import OpenSSL 1.0.2j.

This commit is contained in:
Jung-uk Kim 2016-09-26 14:13:11 +00:00
parent e1b483878d
commit e656c34a18
9 changed files with 28 additions and 10 deletions

12
CHANGES
View File

@ -2,6 +2,18 @@
OpenSSL CHANGES
_______________
Changes between 1.0.2i and 1.0.2j [26 Sep 2016]
*) Missing CRL sanity check
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
This issue only affects the OpenSSL 1.0.2i
(CVE-2016-7052)
[Matt Caswell]
Changes between 1.0.2h and 1.0.2i [22 Sep 2016]
*) OCSP Status Request extension unbounded memory growth

View File

@ -11,8 +11,8 @@ First, read http://wiki.freebsd.org/SubversionPrimer/VendorImports
# Xlist
setenv XLIST /FreeBSD/work/openssl/svn-FREEBSD-files/FREEBSD-Xlist
setenv FSVN "svn+ssh://repo.freebsd.org/base"
setenv OSSLVER 1.0.2i
# OSSLTAG format: v1_0_2i
setenv OSSLVER 1.0.2j
# OSSLTAG format: v1_0_2j
###setenv OSSLTAG v`echo ${OSSLVER} | tr . _`

View File

@ -4,7 +4,7 @@
## Makefile for OpenSSL
##
VERSION=1.0.2i
VERSION=1.0.2j
MAJOR=1
MINOR=0.2
SHLIB_VERSION_NUMBER=1.0.0

4
NEWS
View File

@ -5,6 +5,10 @@
This file gives a brief overview of the major changes between each OpenSSL
release. For more details please read the CHANGES file.
Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]
o Fix Use After Free for large message sizes (CVE-2016-6309)
Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016]
o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)

2
README
View File

@ -1,5 +1,5 @@
OpenSSL 1.0.2i 22 Sep 2016
OpenSSL 1.0.2j 26 Sep 2016
Copyright (c) 1998-2015 The OpenSSL Project
Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

View File

@ -939,7 +939,7 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
if (fstate->mac_len != 0) {
if (fstate->mac_data != NULL) {
dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
if (dstate->ac_data == NULL) {
if (dstate->mac_data == NULL) {
printf("cryptodev_digest_init: malloc failed\n");
return 0;
}

View File

@ -30,11 +30,11 @@ extern "C" {
* (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
* major minor fix final patch/beta)
*/
# define OPENSSL_VERSION_NUMBER 0x1000209fL
# define OPENSSL_VERSION_NUMBER 0x100020afL
# ifdef OPENSSL_FIPS
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2i-fips 22 Sep 2016"
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2j-fips 26 Sep 2016"
# else
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2i 22 Sep 2016"
# define OPENSSL_VERSION_TEXT "OpenSSL 1.0.2j 26 Sep 2016"
# endif
# define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT

View File

@ -1124,10 +1124,10 @@ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
crl = sk_X509_CRL_value(crls, i);
reasons = *preasons;
crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
if (crl_score < best_score)
if (crl_score < best_score || crl_score == 0)
continue;
/* If current CRL is equivalent use it if it is newer */
if (crl_score == best_score) {
if (crl_score == best_score && best_crl != NULL) {
int day, sec;
if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl),
X509_CRL_get_lastUpdate(crl)) == 0)

View File

@ -275,7 +275,9 @@ int SSL_extension_supported(unsigned int ext_type)
case TLSEXT_TYPE_ec_point_formats:
case TLSEXT_TYPE_elliptic_curves:
case TLSEXT_TYPE_heartbeat:
# ifndef OPENSSL_NO_NEXTPROTONEG
case TLSEXT_TYPE_next_proto_neg:
# endif
case TLSEXT_TYPE_padding:
case TLSEXT_TYPE_renegotiate:
case TLSEXT_TYPE_server_name: