git.openwrt.org Git - openwrt/svn-archive/openwrt.git/commit

author	Jo-Philipp Wich <[email protected]>
	Thu, 9 Jul 2015 13:15:32 +0000 (13:15 +0000)
committer	Jo-Philipp Wich <[email protected]>
	Thu, 9 Jul 2015 13:15:32 +0000 (13:15 +0000)
commit	3dc65d9004190bacb799139ea1969dfb6e66b5e2
tree	66c20a6760f167e5717a4ef573e0306553892c5f	tree \| snapshot
parent	38cdae0075dc9f5908ce2ebc856e53120dff929a	commit \| diff

BB: openssl: update to v1.0.2d (CVE-2015-1793)

During certificate verification, OpenSSL (starting from version 1.0.1n and
1.0.2b) will attempt to find an alternative certificate chain if the first
attempt to build such a chain fails. An error in the implementation of this
logic can mean that an attacker could cause certain checks on untrusted
certificates to be bypassed, such as the CA flag, enabling them to use a valid
leaf certificate to act as a CA and "issue" an invalid certificate.

This issue will impact any application that verifies certificates including
SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication.

Signed-off-by: Jo-Philipp Wich <[email protected]>
Backport of r46285

SVN-Revision: 46287

package/libs/openssl/Makefile		diff \| blob \| history
package/libs/openssl/patches/160-disable_doc_tests.patch		diff \| blob \| history
package/libs/openssl/patches/190-remove_timestamp_check.patch		diff \| blob \| history
package/libs/openssl/patches/200-parallel_build.patch		diff \| blob \| history
package/libs/openssl/patches/220-fix-no-ec-build.patch	[deleted file]	blob \| history