--- a/trunk/ext/openssl/CHANGES
+++ b/trunk/ext/openssl/CHANGES
@@ -1,6 +1,21 @@
 OpenSSL CHANGES
 _______________
+
+ Changes between 1.0.2c and 1.0.2d [9 Jul 2015]
+
+ *) Alternate chains certificate forgery
+
+ During certificate verfification, OpenSSL will attempt to find an
+ alternative certificate chain if the first attempt to build such a chain
+ fails. An error in the implementation of this logic can mean that an
+ attacker could cause certain checks on untrusted certificates to be
+ bypassed, such as the CA flag, enabling them to use a valid leaf
+ certificate to act as a CA and "issue" an invalid certificate.
+
+ This issue was reported to OpenSSL by Adam Langley/David Benjamin
+ (Google/BoringSSL).
+ [Matt Caswell]
 Changes between 1.0.2b and 1.0.2c [12 Jun 2015]
--- a/trunk/ext/openssl/Makefile.org
+++ b/trunk/ext/openssl/Makefile.org
@@ -269,6 +269,7 @@
 @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
 sub_all: build_all
+
 build_all: build_libs build_apps build_tests build_tools
 build_libs: build_libcrypto build_libssl openssl.pc
@@ -278,15 +279,15 @@
 build_crypto:
 @dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl:
+build_ssl: build_crypto
 @dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines:
+build_engines: build_crypto
 @dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps:
+build_apps: build_libs
 @dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests:
+build_tests: build_libs
 @dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools:
+build_tools: build_libs
 @dir=tools; target=all; $(BUILD_ONE_CMD)
 all_testapps: build_libs build_testapps
--- a/trunk/ext/openssl/NEWS +++ b/trunk/ext/openssl/NEWS @@ -4,6 +4,10 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + + Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015] + + o Alternate chains certificate forgery (CVE-2015-1793) Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015]