| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Backport of r48531.
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@48549 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
|
|
| |
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Backport of r47726.
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@47804 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid
leaf certificate to act as a CA and "issue" an invalid certificate.
This issue will impact any application that verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Backport of r46285
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@46287 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
|
|
| |
fixes CVE-2015-4000 CVE-2015-1788 CVE-2015-1789 CVE-2015-1790 CVE-2015-1792 CVE-2015-1791
Signed-off-by: Steven Barth <steven@midlink.org>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@45951 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
|
|
|
|
| |
Fixes CVE-2015-0204, CVE-2015-0207, CVE-2015-0208, CVE-2015-0209,
CVE-2015-0285, CVE-2015-0286, CVE-2015-0287, CVE-2015-0288, CVE-2015-0289,
CVE-2015-0290, CVE-2015-0291, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44952 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
|
|
| |
Fixes CVE-2014-3513, CVE-2014-3567, CVE-2014-3568, CVE-2014-3566
Signed-off-by: Steven Barth <steven@midlink.org>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@44347 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
|
|
|
| |
Fixes CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572,
CVE-2015-0204, CVE-2015-0205, CVE-2014-8275 and CVE-2014-3570.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@43889 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
|
|
|
|
| |
Also refresh patches and bump copyright year in Makefile.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Backport of r42929
git-svn-id: svn://svn.openwrt.org/openwrt/branches/barrier_breaker@42930 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This version includes this changes:
Don't include gmt_unix_time in TLS server and client random values
Fix for TLS record tampering bug CVE-2013-4353
Fix for TLS version checking bug CVE-2013-6449
Fix for DTLS retransmission bug CVE-2013-6450
Signed-off-by: Peter Wagner <tripolar@gmx.at>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39853 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37927 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
