diff options
author | Shigeki Ohtsu <ohtsu@ohtsu.org> | 2017-11-03 00:22:35 +0900 |
---|---|---|
committer | Myles Borins <mylesborins@google.com> | 2017-11-03 12:22:29 -0500 |
commit | e7fff9c4435f9f5ef8069217d2a0093c81a8c78b (patch) | |
tree | 45fbbf4aae64902b831501231d16b7a0af2aeb53 /deps/openssl/openssl/CHANGES | |
parent | 3d4d5e0c60f00693947c940b09249f3952bb0cdc (diff) | |
download | android-node-v8-e7fff9c4435f9f5ef8069217d2a0093c81a8c78b.tar.gz android-node-v8-e7fff9c4435f9f5ef8069217d2a0093c81a8c78b.tar.bz2 android-node-v8-e7fff9c4435f9f5ef8069217d2a0093c81a8c78b.zip |
deps: upgrade openssl sources to 1.0.2m
This replaces all sources of openssl-1.0.2m.tar.gz into
deps/openssl/openssl
PR-URL: https://github.com/nodejs/node/pull/16691
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'deps/openssl/openssl/CHANGES')
-rw-r--r-- | deps/openssl/openssl/CHANGES | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/deps/openssl/openssl/CHANGES b/deps/openssl/openssl/CHANGES index 307b2ed5e3..e3d57b328c 100644 --- a/deps/openssl/openssl/CHANGES +++ b/deps/openssl/openssl/CHANGES @@ -2,6 +2,44 @@ OpenSSL CHANGES _______________ + This is a high-level summary of the most important changes. + For a full list of changes, see the git commit log; for example, + https://github.com/openssl/openssl/commits/ and pick the appropriate + release branch. + + Changes between 1.0.2l and 1.0.2m [2 Nov 2017] + + *) bn_sqrx8x_internal carry bug on x86_64 + + There is a carry propagating bug in the x86_64 Montgomery squaring + procedure. No EC algorithms are affected. Analysis suggests that attacks + against RSA and DSA as a result of this defect would be very difficult to + perform and are not believed likely. Attacks against DH are considered just + feasible (although very difficult) because most of the work necessary to + deduce information about a private key may be performed offline. The amount + of resources required for such an attack would be very significant and + likely only accessible to a limited number of attackers. An attacker would + additionally need online access to an unpatched system using the target + private key in a scenario with persistent DH parameters and a private + key that is shared between multiple clients. + + This only affects processors that support the BMI1, BMI2 and ADX extensions + like Intel Broadwell (5th generation) and later or AMD Ryzen. + + This issue was reported to OpenSSL by the OSS-Fuzz project. + (CVE-2017-3736) + [Andy Polyakov] + + *) Malformed X.509 IPAddressFamily could cause OOB read + + If an X.509 certificate has a malformed IPAddressFamily extension, + OpenSSL could do a one-byte buffer overread. The most likely result + would be an erroneous display of the certificate in text format. + + This issue was reported to OpenSSL by the OSS-Fuzz project. + (CVE-2017-3735) + [Rich Salz] + Changes between 1.0.2k and 1.0.2l [25 May 2017] *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target |