up to OpenSSL 1.0.2h [3 May 2016] auto/ac/openssl-1.0.2h-1 auto/th/openssl-1.0.2h-1
authorElan Ruusamäe <glen@delfi.ee>
Tue, 3 May 2016 17:11:33 +0000 (20:11 +0300)
committerElan Ruusamäe <glen@delfi.ee>
Tue, 3 May 2016 17:12:25 +0000 (20:12 +0300)
commitab4f815e9a9889c92d9bba9a23a30b376819b070
treeb2f98fc458fc9f59ccbb4f15c27a242e05dd92fe
parent583fceb00054978a3c4b10e98334af76d7abc18d
parent3641afbf3559dd46b06756754b43448fc1e29687
up to OpenSSL 1.0.2h [3 May 2016]

- Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
- Fix EVP_EncodeUpdate overflow (CVE-2016-2105)
- Fix EVP_EncryptUpdate overflow (CVE-2016-2106)
- Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109)
- EBCDIC overread (CVE-2016-2176)
- Modify behavior of ALPN to invoke callback after SNI/servername callback, such that updates to the SSL_CTX affect ALPN.
- Remove LOW from the DEFAULT cipher list. This removes singles DES from the default.
- Only remove the SSLv2 methods with the no-ssl2-method option.

Merge branch 'dev-1.0.2h'
openssl.spec
This page took 1.162676 seconds and 4 git commands to generate.