[Buildroot] [PATCH v2] openssl: bump to 1.0.0e

Gustavo Zacarias gustavo at zacarias.com.ar
Mon Sep 12 21:56:21 UTC 2011


On Wed, 07 Sep 2011 14:25:02 +0200, Yegor Yefremov wrote:

> Changes between 1.0.0d and 1.0.0e [6 Sep 2011]
>
>   *) Fix bug where CRLs with nextUpdate in the past are sometimes 
> accepted
>      by initialising X509_STORE_CTX properly. (CVE-2011-3207)
>      [Kaspar Brand <ossl at velox.ch>]
>
>   *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
>      for multi-threaded use of ECDH. (CVE-2011-3210)
>      [Adam Langley (Google)]
>
>   *) Fix x509_name_ex_d2i memory leak on bad inputs.
>      [Bodo Moeller]
>
>   *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and 
> check
>      signature public key algorithm by using OID xref utilities 
> instead.
>      Before this you could only use some ECC ciphersuites with SHA1 
> only.
>      [Steve Henson]
>
>   *) Add protection against ECDSA timing attacks as mentioned in the 
> paper
>      by Billy Bob Brumley and Nicola Tuveri, see:
>
> 	http://eprint.iacr.org/2011/232.pdf
>
>      [Billy Bob Brumley and Nicola Tuveri]
>
> Signed-off-by: Yegor Yefremov <yegorslists at googlemail.com>

Acked-by: Gustavo Zacarias <gustavo at zacarias.com.ar>




More information about the buildroot mailing list