diff options
author | Shigeki Ohtsu <ohtsu@ohtsu.org> | 2018-03-27 23:34:31 +0900 |
---|---|---|
committer | Myles Borins <mylesborins@google.com> | 2018-03-27 20:17:18 -0400 |
commit | d10b7f1cdf8824dc53fbdd4b4617c860f0d8cb80 (patch) | |
tree | 7f4b716eff55fd05905240ebb0cc041688c93dfb /deps/openssl/openssl/CHANGES | |
parent | df62e69de73f4fb199f3b88727d13f6c52de332a (diff) | |
download | android-node-v8-d10b7f1cdf8824dc53fbdd4b4617c860f0d8cb80.tar.gz android-node-v8-d10b7f1cdf8824dc53fbdd4b4617c860f0d8cb80.tar.bz2 android-node-v8-d10b7f1cdf8824dc53fbdd4b4617c860f0d8cb80.zip |
deps: upgrade openssl sources to 1.0.2o
This replaces all sources of openssl-1.0.2o.tar.gz into
deps/openssl/openssl
PR-URL: https://github.com/nodejs/node/pull/19638
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Rod Vagg <rod@vagg.org>
Diffstat (limited to 'deps/openssl/openssl/CHANGES')
-rw-r--r-- | deps/openssl/openssl/CHANGES | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/deps/openssl/openssl/CHANGES b/deps/openssl/openssl/CHANGES index f2fc31a25c..cc142508b9 100644 --- a/deps/openssl/openssl/CHANGES +++ b/deps/openssl/openssl/CHANGES @@ -7,6 +7,21 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. + Changes between 1.0.2n and 1.0.2o [27 Mar 2018] + + *) Constructed ASN.1 types with a recursive definition could exceed the stack + + Constructed ASN.1 types with a recursive definition (such as can be found + in PKCS7) could eventually exceed the stack given malicious input with + excessive recursion. This could result in a Denial Of Service attack. There + are no such structures used within SSL/TLS that come from untrusted sources + so this is considered safe. + + This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz + project. + (CVE-2018-0739) + [Matt Caswell] + Changes between 1.0.2m and 1.0.2n [7 Dec 2017] *) Read/write after SSL object in error state @@ -2012,8 +2027,11 @@ to work with OPENSSL_NO_SSL_INTERN defined. [Steve Henson] - *) Add SRP support. - [Tom Wu <tjw@cs.stanford.edu> and Ben Laurie] + *) A long standing patch to add support for SRP from EdelWeb (Peter + Sylvester and Christophe Renou) was integrated. + [Christophe Renou <christophe.renou@edelweb.fr>, Peter Sylvester + <peter.sylvester@edelweb.fr>, Tom Wu <tjw@cs.stanford.edu>, and + Ben Laurie] *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id. [Steve Henson] |