Commit graph

235195 commits

Author SHA1 Message Date
taca
6f78459028 Allow build on Ruby 2.2. 2015-06-12 22:57:42 +00:00
taca
670cbf1ac6 ruby-webrobots builds on Ruby 2.2. Fix one of pbulkscan problems. 2015-06-12 22:57:04 +00:00
taca
fcada378d3 ruby-rake is built on Ruby 2.2, too. Fix one of pbulkscan problems. 2015-06-12 22:54:40 +00:00
richard
81da225e94 regen distinfo for cmake 2015-06-12 18:50:03 +00:00
richard
4974279599 Update FindX11 patch and avoid isfinite redefinition for jsoncpp on SunOS
Revbump as well...
2015-06-12 18:42:25 +00:00
tron
d9be762de1 Note update of the "openssl" package to version 1.0.2c. 2015-06-12 17:32:50 +00:00
tron
bd696ec16a Update "openssl" package to version 1.0.2b. Changes since version 1.0.2c:
- Fix HMAC ABI incompatibility. The previous version introduced an ABI
  incompatibility in the handling of HMAC. The previous ABI has now been
  restored.
2015-06-12 17:32:32 +00:00
tron
fe19530818 Note update of the "openssl" package to version 1.0.2b. 2015-06-12 17:05:18 +00:00
tron
33327e4ea7 Update "openssl" package to version 1.0.2b. Changes since version 1.0.2a:
- Malformed ECParameters causes infinite loop
  When processing an ECParameters structure OpenSSL enters an infinite loop
  if the curve specified is over a specially malformed binary polynomial
  field.
  This can be used to perform denial of service against any
  system which processes public keys, certificate requests or
  certificates.  This includes TLS clients and TLS servers with
  client authentication enabled.
  This issue was reported to OpenSSL by Joseph Barr-Pixton.
  (CVE-2015-1788)
  [Andy Polyakov]
- Exploitable out-of-bounds read in X509_cmp_time
  X509_cmp_time does not properly check the length of the ASN1_TIME
  string and can read a few bytes out of bounds. In addition,
  X509_cmp_time accepts an arbitrary number of fractional seconds in the
  time string.
  An attacker can use this to craft malformed certificates and CRLs of
  various sizes and potentially cause a segmentation fault, resulting in
  a DoS on applications that verify certificates or CRLs. TLS clients
  that verify CRLs are affected. TLS clients and servers with client
  authentication enabled may be affected if they use custom verification
  callbacks.
  This issue was reported to OpenSSL by Robert Swiecki (Google), and
  independently by Hanno Böck.
  (CVE-2015-1789)
  [Emilia Käsper]
- PKCS7 crash with missing EnvelopedContent
  The PKCS#7 parsing code does not handle missing inner EncryptedContent
  correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
  with missing content and trigger a NULL pointer dereference on parsing.
  Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
  structures from untrusted sources are affected. OpenSSL clients and
  servers are not affected.
  This issue was reported to OpenSSL by Michal Zalewski (Google).
  (CVE-2015-1790)
  [Emilia Käsper]
- CMS verify infinite loop with unknown hash function
  When verifying a signedData message the CMS code can enter an infinite loop
  if presented with an unknown hash function OID. This can be used to perform
  denial of service against any system which verifies signedData messages using
  the CMS code.
  This issue was reported to OpenSSL by Johannes Bauer.
  (CVE-2015-1792)
  [Stephen Henson]
- Race condition handling NewSessionTicket
  If a NewSessionTicket is received by a multi-threaded client when
  attempting to reuse a previous ticket then a race condition can occur
  potentially leading to a double free of the ticket data.
  (CVE-2015-1791)
  [Matt Caswell]
- Removed support for the two export grade static DH ciphersuites
  EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites
  were newly added (along with a number of other static DH ciphersuites) to
  1.0.2. However the two export ones have *never* worked since they were
  introduced. It seems strange in any case to be adding new export
  ciphersuites, and given "logjam" it also does not seem correct to fix them.
  [Matt Caswell]
- Only support 256-bit or stronger elliptic curves with the
  'ecdh_auto' setting (server) or by default (client). Of supported
  curves, prefer P-256 (both).
  [Emilia Kasper]
- Reject DH handshakes with parameters shorter than 768 bits.
  [Kurt Roeckx and Emilia Kasper]
2015-06-12 17:02:24 +00:00
snj
07fb15d7ef Updated www/dillo to 3.0.4.1 2015-06-12 16:17:38 +00:00
snj
39128b9a20 update dillo to 3.0.4.1. changes:
- Avoid a corner case segfault when no search URL is found in dillorc.
- Fix linking problem with fltk-1.3.3 and fl_oldfocus.
- Don't follow redirections or meta refresh in --local mode.
- Don't load background images in --local mode.
- Make sure window is resizable with fltk-1.3.3.
- Remove Fl_Printer stub that always gave problems compiling under OSX.
2015-06-12 16:17:15 +00:00
tsutsui
e49e279219 Updated multimedia/adobe-flash-plugin11 to 11.2.202.466 2015-06-12 15:03:12 +00:00
tsutsui
448be8f6e0 Update adobe-flash-plugin11 to 11.2.202.466.
Upstream announcement:
 https://helpx.adobe.com/security/products/flash-player/apsb15-11.html

Security updates available for Adobe Flash Player

Release date: June 9, 2015

Vulnerability identifier: APSB15-11

CVE number: CVE-2015-3096, CVE-2015-3097, CVE-2015-3098, CVE-2015-3099,
 CVE-2015-3100, CVE-2015-3101, CVE-2015-3102, CVE-2015-3103, CVE-2015-3104,
 CVE-2015-3105, CVE-2015-3106, CVE-2015-3107, CVE-2015-3108

Platform: All Platforms
2015-06-12 15:01:54 +00:00
jperkin
46917524bb Updated sysutils/smartmontools to 6.3nb1 2015-06-12 13:58:15 +00:00
jperkin
c89161c843 Fix Solaris support which has been broken since -r1.3 of patch-ag, which
removed all comments at the same time.  Put those comments back, and tidy
up the patch.

Bump PKGREVISION.
2015-06-12 13:58:07 +00:00
joerg
5b70a03e39 Add forgotten patch. 2015-06-12 13:12:27 +00:00
wiz
64e50e776e Does not support python-3.x since it uses python's command module. 2015-06-12 12:28:37 +00:00
fhajny
922d8f520e Remove security/polarssl (use security/mbedtls now) 2015-06-12 12:07:45 +00:00
wiz
af3a7fcd27 Updated devel/reposurgeon to 3.26 2015-06-12 11:47:02 +00:00
wiz
b41a81d1ab Update to 3.26:
3.26: 2015-06-10
     Output redirect with '>>' appends to the output file.
     The strip blob command can take a selection set.
     Repo source type is now kept inline in stream files and emitted on write.
     Legacy IDs are now kept inline in stream files and emitted on write.
     The selection syntax <#nnn> now names commit nnn, 1-origin numbering.

3.25: 2015-06-03
     Reading hg is now supported through an extractor class, no plugin required.
     Now 'blob' command allows creating new content from lift scripts.

3.24: 2015-05-31
     Fix repository-type detection bug introduced in 3.23.
     DVCS Migration HOWTO is now merged into this distribution.
     Legacy-ID detection is now more discriminating, based on sourcetype.

3.23: 2015-05-29
     The 'prefer' command no longer changes the repo type, but 'sourcetype' does.
     The =N set is all commits and tags with text matching a legacy ID.
     Legacy-ID recognition is more intelligent, depending on the source type.
     The 'lint' command now checks for time and action-stamp collisions.
     Exporters can now embed a repository type declaration in an import stream.
     Fast-import syntax extensions are documented.

3.22: 2015-05-20
     The path rename --relax option has been removed as too confusing.
     In selection expressions, =Z is the set of all commits with no fileops.
     repopuller has been replaced by the more general repotool.
     For consistency, the 'changed' modifier of mailbox_in is now '--changed'.
     New '--create' option of mailbox_in to create new tags and commits.
     The command prompt can be queried or set with the new command 'prompt'.
     Change in terminology: fossil IDs and maps are now legacy IDs and maps.
     A front end can now set legacy IDs via the "legacy-id" property.
     DMRCN suffix flags on restrict path regexp matches to specified op types.
     The 'remove' command can now be told to look for specific fileop types.

3.21: 2015-04-02
     In selection expressions, =U is the set of all commits with callouts.

3.20: 2015-02-22
     Code is now fully functional, all regression tests passing, on Mac OS X.
     Warn in the docs about the consequences of case-smashing filesystems.
     diff command no longer relies on external diff(1).
     Bugfix for writing callouts in partial dumps.
2015-06-12 11:46:53 +00:00
wiz
913b56c072 Updated x11/rendercheck to 1.5 2015-06-12 11:14:30 +00:00
wiz
4e220cb313 Update to 1.5:
Aaron Plattner (1):
      Use the right screen from $DISPLAY

Chris Wilson (13):
      repeat: Specify test width/height rather than relying on win_width/height
      blend: Combine multiple tests into a single XGetImage request
      composite: Batch tests
      Split out printing the results from eval_diff()
      repeat: Only call GetImage once for each test.
      triangles: Use a single GetImage call to sample the result
      tsrcoords: Sample result with just a single GetImage
      tsrcoords2: Sample result using a single GetImage
      dstcoords: Sample result using a single GetImage
      TODO: Multiple roundtrips for image processing due to get_pixel fixed
      blend: Handle more sources than available rows in the window
      composite: Handle more sources than available rows in the window
      blend: Second attempt to handle multiple source pages...

Damien Leone (1):
      t_tsrccoords: Skip this test when using indexed picture formats

Dave Airlie (3):
      rendercheck: make gradient results align with pixman
      rendercheck: constrain accuracy
      rendercheck 1.5

Eric Anholt (6):
      Fix const cast warnings in our ops definitions.
      Convert to using asprintf for describe_format.
      Disable useless shadow warnings.
      Shut up some const assignment warnings.
      Add test for GTK rendering bug in glamor.
      Add test for a rendering bug in libreoffice.

Gaetan Nadon (1):
      config: remove unrequired AC_HEADER_STDC

Jeremy Huddleston (2):
      Report which test groups passed successfully
      Include strings.h for strcasecmp

Matt Craighead (1):
      fix compiler warnings

Vikram Fugro (1):
      t_triangles: Fix for triangles(trapezoids) test case
2015-06-12 11:14:21 +00:00
wiz
5bf64a18b5 Add some missing dependencies, from install.rst.
Bump PKGREVISION.
Addresses PR 49663.
2015-06-12 11:12:19 +00:00
wiz
823373b51b Updated print/cups to 2.0.3 2015-06-12 11:02:43 +00:00
wiz
10f7db2fea Update to 2.0.3:
Update print/cups to cups-2.0.3. Provided by Leonardo Taccari in PR 49960.

pkgsrc changes:
 - Delete "slpd" in the rc.d script. According to CHANGES-1.6.txt CUPS no longer
   supports the SLP protocol.

Changes:
CHANGES IN CUPS V2.0.3
----------------------
 - Security: Fixed CERT VU #810572 exploiting the dynamic linker
   (STR #4609)
 - Security: The scheduler could hang with malformed gzip data
   (STR #4602)
 - Restored missing generic printer icon file (STR #4587)
 - Fixed logging of configuration errors to show up as errors (STR #4582)
 - Fixed potential buffer overflows in raster code and filters
   (STR #4598, STR #4599, STR #4600, STR #4601)
 - Fixed a gzip processing bug (#4602)
 - Fixed <Limit> inside <Location> (STR #4575)
 - Fixed lpadmin when both -m and -o are used (STR #4578)
 - The web interface always showed support for 2-sided printing
   (STR #4595)
 - cupsRasterReadHeader did not fully validate the raster header
   (STR #4596)
 - The rastertopwg filter did not check for truncated input (STR #4597)
 - The cups-lpd mini-daemon did not check for request parameters
   (STR #4603)
 - The scheduler could get caught in a busy loop (STR #4605)
 - The sample Epson driver could crash (STR #4616)
 - The IPP backend now correctly monitors jobs
   (<rdar://problem/20495955>)
 - The ppdhtml and ppdpo utilities crashed when the -D option was used
   before a driver information file (STR #4627)
 - ippfind incorrectly substituted "=port" for service_port.
 - The IPP/1.1 test file did not handle the initial print job
   completing early (STR #4576)
 - Fixed a memory leak in cupsConnectDest (STR #4634)
 - PWG Raster Format output contained invalid ImageBox values
   (<rdar://problem/21144309>)
 - Added Russian translation (STR #4577)
 - Added German translation (STR #4635)
2015-06-12 11:02:35 +00:00
wiz
fc8ae37926 Remove unused bl3.mk. 2015-06-12 10:55:02 +00:00
wiz
6b231ff4dc Remove unused and broken bl3.mk file. 2015-06-12 10:54:36 +00:00
wiz
2e65d464e8 Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending on such a package,
for perl-5.22.0.
2015-06-12 10:50:58 +00:00
fhajny
70cc70ec5d Change powerdns dependency from polarssl to mbedtls. Streamline bl3 setup
while at it. Bump PKGREVISION (and of the module packages).
2015-06-12 10:50:57 +00:00
wiz
0982effce2 Recursive PKGREVISION bump for all packages mentioning 'perl',
having a PKGNAME of p5-*, or depending on such a package,
for perl-5.22.0.
2015-06-12 10:48:20 +00:00
fhajny
53456e805a Added security/mbedtls version 1.3.11 2015-06-12 09:05:22 +00:00
fhajny
226bc45014 Import mbed TLS 1.3.11 as security/mbedtls.
This is former security/polarssl rebranded under a new name, keeping the same
API though and providing the previous libs as symlinks, so should be used as
a drop-in replacement for security/polarssl.

Changelog since polarssl-1.3.9 follows.

= mbed TLS 1.3.11 released 2015-06-04

Security
   * With authmode set to SSL_VERIFY_OPTIONAL, verification of keyUsage and
     extendedKeyUsage on the leaf certificate was lost (results not accessible
     via ssl_get_verify_results()).
   * Add countermeasure against "Lucky 13 strikes back" cache-based attack,
     https://dl.acm.org/citation.cfm?id=2714625

Features
   * Improve ECC performance by using more efficient doubling formulas
     (contributed by Peter Dettman).
   * Add x509_crt_verify_info() to display certificate verification results.
   * Add support for reading DH parameters with privateValueLength included
     (contributed by Daniel Kahn Gillmor).
   * Add support for bit strings in X.509 names (request by Fredrik Axelsson).
   * Add support for id-at-uniqueIdentifier in X.509 names.
   * Add support for overriding snprintf() (except on Windows) and exit() in
     the platform layer.
   * Add an option to use macros instead of function pointers in the platform
     layer (helps get rid of unwanted references).
   * Improved Makefiles for Windows targets by fixing library targets and making
     cross-compilation easier (thanks to Alon Bar-Lev).
   * The benchmark program also prints heap usage for public-key primitives
     if POLARSSL_MEMORY_BUFFER_ALLOC_C and POLARSSL_MEMORY_DEBUG are defined.
   * New script ecc-heap.sh helps measuring the impact of ECC parameters on
     speed and RAM (heap only for now) usage.
   * New script memory.sh helps measuring the ROM and RAM requirements of two
     reduced configurations (PSK-CCM and NSA suite B).
   * Add config flag POLARSSL_DEPRECATED_WARNING (off by default) to produce
     warnings on use of deprecated functions (with GCC and Clang only).
   * Add config flag POLARSSL_DEPRECATED_REMOVED (off by default) to produce
     errors on use of deprecated functions.

Bugfix
   * Fix compile errors with PLATFORM_NO_STD_FUNCTIONS.
   * Fix compile error with PLATFORM_EXIT_ALT (thanks to Rafał Przywara).
   * Fix bug in entropy.c when THREADING_C is also enabled that caused
     entropy_free() to crash (thanks to Rafał Przywara).
   * Fix memory leak when gcm_setkey() and ccm_setkey() are used more than
     once on the same context.
   * Fix bug in ssl_mail_client when password is longer than username (found
     by Bruno Pape).
   * Fix undefined behaviour (memcmp( NULL, NULL, 0 );) in X.509 modules
     (detected by Clang's 3.6 UBSan).
   * mpi_size() and mpi_msb() would segfault when called on an mpi that is
     initialized but not set (found by pravic).
   * Fix detection of support for getrandom() on Linux (reported by syzzer) by
     doing it at runtime (using uname) rather than compile time.
   * Fix handling of symlinks by "make install" (found by Gaël PORTAY).
   * Fix potential NULL pointer dereference (not triggerable remotely) when
     ssl_write() is called before the handshake is finished (introduced in
     1.3.10) (first reported by Martin Blumenstingl).
   * Fix bug in pk_parse_key() that caused some valid private EC keys to be
     rejected.
   * Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos).
   * Fix thread safety bug in RSA operations (found by Fredrik Axelsson).
   * Fix hardclock() (only used in the benchmarking program) with some
     versions of mingw64 (found by kxjhlele).
   * Fix warnings from mingw64 in timing.c (found by kxjklele).
   * Fix potential unintended sign extension in asn1_get_len() on 64-bit
     platforms.
   * Fix potential memory leak in ssl_set_psk() (found by Mansour Moufid).
   * Fix compile error when POLARSSL_SSL_DISABLE_RENEGOTATION and
     POLARSSL_SSL_SSESSION_TICKETS were both enabled in config.h (introduced
     in 1.3.10).
   * Add missing extern "C" guard in aesni.h (reported by amir zamani).
   * Add missing dependency on SHA-256 in some x509 programs (reported by
     Gergely Budai).
   * Fix bug related to ssl_set_curves(): the client didn't check that the
     curve picked by the server was actually allowed.

Changes
   * Remove bias in mpi_gen_prime (contributed by Pascal Junod).
   * Remove potential sources of timing variations (some contributed by Pascal
     Junod).
   * Options POLARSSL_HAVE_INT8 and POLARSSL_HAVE_INT16 are deprecated.
   * Enabling POLARSSL_NET_C without POLARSSL_HAVE_IPV6 is deprecated.
   * compat-1.2.h and openssl.h are deprecated.
   * Adjusting/overriding CFLAGS and LDFLAGS with the make build system is now
     more flexible (warning: OFLAGS is not used any more) (see the README)
     (contributed by Alon Bar-Lev).
   * ssl_set_own_cert() no longer calls pk_check_pair() since the
     performance impact was bad for some users (this was introduced in 1.3.10).
   * Move from SHA-1 to SHA-256 in example programs using signatures
     (suggested by Thorsten Mühlfelder).
   * Remove some unneeded inclusions of header files from the standard library
     "minimize" others (eg use stddef.h if only size_t is needed).
   * Change #include lines in test files to use double quotes instead of angle
     brackets for uniformity with the rest of the code.
   * Remove dependency on sscanf() in X.509 parsing modules.

= mbed TLS 1.3.10 released 2015-02-09
Security
   * NULL pointer dereference in the buffer-based allocator when the buffer is
     full and polarssl_free() is called (found by Mark Hasemeyer)
     (only possible if POLARSSL_MEMORY_BUFFER_ALLOC_C is enabled, which it is
     not by default).
   * Fix remotely-triggerable uninitialised pointer dereference caused by
     crafted X.509 certificate (TLS server is not affected if it doesn't ask for a
     client certificate) (found using Codenomicon Defensics).
   * Fix remotely-triggerable memory leak caused by crafted X.509 certificates
     (TLS server is not affected if it doesn't ask for a client certificate)
     (found using Codenomicon Defensics).
   * Fix potential stack overflow while parsing crafted X.509 certificates
     (TLS server is not affected if it doesn't ask for a client certificate)
     (found using Codenomicon Defensics).
   * Fix timing difference that could theoretically lead to a
     Bleichenbacher-style attack in the RSA and RSA-PSK key exchanges
     (reported by Sebastian Schinzel).

Features
   * Add support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv).
   * Add support for Extended Master Secret (draft-ietf-tls-session-hash).
   * Add support for Encrypt-then-MAC (RFC 7366).
   * Add function pk_check_pair() to test if public and private keys match.
   * Add x509_crl_parse_der().
   * Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the
     length of an X.509 verification chain.
   * Support for renegotiation can now be disabled at compile-time
   * Support for 1/n-1 record splitting, a countermeasure against BEAST.
   * Certificate selection based on signature hash, preferring SHA-1 over SHA-2
     for pre-1.2 clients when multiple certificates are available.
   * Add support for getrandom() syscall on recent Linux kernels with Glibc or
     a compatible enough libc (eg uClibc).
   * Add ssl_set_arc4_support() to make it easier to disable RC4 at runtime
     while using the default ciphersuite list.
   * Added new error codes and debug messages about selection of
     ciphersuite/certificate.

Bugfix
   * Stack buffer overflow if ctr_drbg_update() is called with too large
     add_len (found by Jean-Philippe Aumasson) (not triggerable remotely).
   * Possible buffer overflow of length at most POLARSSL_MEMORY_ALIGN_MULTIPLE
     if memory_buffer_alloc_init() was called with buf not aligned and len not
     a multiple of POLARSSL_MEMORY_ALIGN_MULTIPLE (not triggerable remotely).
   * User set CFLAGS were ignored by Cmake with gcc (introduced in 1.3.9, found
     by Julian Ospald).
   * Fix potential undefined behaviour in Camellia.
   * Fix potential failure in ECDSA signatures when POLARSSL_ECP_MAX_BITS is a
     multiple of 8 (found by Gergely Budai).
   * Fix unchecked return code in x509_crt_parse_path() on Windows (found by
     Peter Vaskovic).
   * Fix assembly selection for MIPS64 (thanks to James Cowgill).
   * ssl_get_verify_result() now works even if the handshake was aborted due
     to a failed verification (found by Fredrik Axelsson).
   * Skip writing and parsing signature_algorithm extension if none of the
     key exchanges enabled needs certificates. This fixes a possible interop
     issue with some servers when a zero-length extension was sent. (Reported
     by Peter Dettman.)
   * On a 0-length input, base64_encode() did not correctly set output length
     (found by Hendrik van den Boogaard).

Changes
   * Use deterministic nonces for AEAD ciphers in TLS by default (possible to
     switch back to random with POLARSSL_SSL_AEAD_RANDOM_IV in config.h).
   * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
   * ssl_set_own_cert() now returns an error on key-certificate mismatch.
   * Forbid repeated extensions in X.509 certificates.
   * debug_print_buf() now prints a text view in addition to hexadecimal.
   * A specific error is now returned when there are ciphersuites in common
     but none of them is usable due to external factors such as no certificate
     with a suitable (extended)KeyUsage or curve or no PSK set.
   * It is now possible to disable negotiation of truncated HMAC server-side
2015-06-12 09:05:05 +00:00
dholland
3829400191 tradcpp 2015-06-12 08:24:38 +00:00
dholland
8aa79865fc Update tradcpp to 0.5.
patch-main.c is rolled in.

release 0.5 (20150612)
   - Don't report unclosed comments as "No newline at end of file".
   - Don't rely on <stdbool.h> existing, as (predictably) it doesn't
     work on Solaris.
   - Similarly, don't rely on C11 anonymous unions as the Solaris
     compiler vomits on them.
   - Typo fix in man page from Jason McIntyre; and change "Usage" to
     "usage" in usage for pedantic reasons, from Igor Sobrado.
   - Accept "-" as either input or output file name to mean stdin or
     stdout respectively. Suggested by Jonathan Gray.
   - Fix output spacing behavior to match gcc when newlines appear in or
     while looking for macro arguments. Partly from Joerg Sonnenberger.
   - Implement __FILE__ and __LINE__ macros. Mostly from Joerg Sonnenberger.
   - Implement #line. Partly from Joerg Sonnenberger.
   - Declare usage() with PF(). From wiz.
2015-06-12 08:23:51 +00:00
tron
f101ec6126 Fix build with Perl 5.22. 2015-06-12 08:04:23 +00:00
wiz
859064034d Add patch to fix build with glib-2.44, from FreeBSD ports. 2015-06-12 07:57:11 +00:00
wen
c61d4104f3 Updated devel/p5-Getopt-Long to 2.46 2015-06-12 06:05:12 +00:00
wen
bc1008e2ff Update to 2.46
Upstream changes:
Changes in version 2.46
-----------------------

* Fix bug https://rt.cpan.org/Ticket/Display.html?id=104842

  Kudos to EDAVIS for finding this very obscure bug.

* Some small changes/additions to the test suite and examples.
2015-06-12 06:03:48 +00:00
taca
c9ed4c50fc Note update of lang/php54 package to 5.4.42. 2015-06-12 04:51:32 +00:00
taca
5cf1f27da0 Update php54 to 5.4.42.
11 Jun 2015 PHP 5.4.42

- Core:
  . Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in
    heap overflow). (Max Spelsberg)
  . Fixed bug #69646 (OS command injection vulnerability in escapeshellarg).
    (Anatol Belski)
  . Fixed bug #69719 (Incorrect handling of paths with NULs). (Stas)

- Litespeed SAPI:
  . Fixed bug #68812 (Unchecked return value). (George Wang)

- Mail:
  . Fixed bug #68776 (mail() does not have mail header injection prevention for
    additional headers). (Yasuo)

- Postgres:
  . Fixed bug #69667 (segfault in php_pgsql_meta_data). (Remi)

- Sqlite3:
  . Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415,
    CVE-2015-3416) (Kaplan)
2015-06-12 04:51:01 +00:00
wen
f046ed1512 Updated www/p5-Dancer2 to 0.160003 2015-06-12 03:33:56 +00:00
wen
189324643d Update to 0.160003
No upstream changelog.
2015-06-12 03:32:28 +00:00
wen
06a577d77e Updated www/p5-Dancer to 1.3136 2015-06-12 03:07:33 +00:00
wen
ad5f8ae53e Update to 1.3136
Upstream changes:
1.3136 2015-05-24
 [DOCUMENTATION]
 - Remove mention of format 'with_id' from Dancer::Logger::Abstract.
   (GH#112, Fabrice Gabolde)

 [ENHANCEMENTS]
 - Cache sessions such that they are only retrieved once per request.
   (GH#1105, GH#992, Yanick Champoux)
2015-06-12 03:06:30 +00:00
taca
ddb5405209 Note update of lang/php56 package to 5.6.10. 2015-06-12 00:47:31 +00:00
taca
ea01694e1e Update php56 to 5.6.10.
11 Jun 2015, PHP 5.6.10

- Core:
  . Fixed bug #66048 (temp. directory is cached during multiple requests).
    (Julien)
  . Fixed bug #69566 (Conditional jump or move depends on uninitialised value
    in extension trait). (jbboehr at gmail dot com)
  . Fixed bug #69599 (Strange generator+exception+variadic crash). (Nikita)
  . Fixed bug #69628 (complex GLOB_BRACE fails on Windows).
    (Christoph M. Becker)
  . Fixed POST data processing slowdown due to small input buffer size
    on Windows. (Jorge Oliveira, Anatol)
  . Fixed bug #69646 (OS command injection vulnerability in escapeshellarg).
    (Anatol Belski)
  . Fixed bug #69719 (Incorrect handling of paths with NULs). (Stas)

- FTP
  . Improved fix for bug #69545 (Integer overflow in ftp_genlist()
    resulting in heap overflow). (Max Spelsberg)

- GD:
  . Fixed bug #69479 (GD fails to build with newer libvpx). (Remi)

- Iconv:
  . Fixed bug #48147 (iconv with //IGNORE cuts the string). (Stas)

- Litespeed SAPI:
  . Fixed bug #68812 (Unchecked return value). (George Wang)

- Mail:
  . Fixed bug #68776 (mail() does not have mail header injection prevention for
    additional headers). (Yasuo)

- MCrypt:
  . Added file descriptor caching to mcrypt_create_iv() (Leigh)

- Opcache
  . Fixed bug #69549 (Memory leak with opcache.optimization_level=0xFFFFFFFF).
    (Laruence, Dmitry)

- Phar:
  . Fixed bug #69680 (phar symlink in binary directory broken).
    (Matteo Bernardini, Remi)

- Postgres:
  . Fixed bug #69667 (segfault in php_pgsql_meta_data). (Remi)

- Sqlite3:
  . Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415,
    CVE-2015-3416) (Kaplan)
2015-06-12 00:47:03 +00:00
taca
033c3ef3b6 Note update of lang/php55 package to 5.5.26. 2015-06-12 00:45:01 +00:00
taca
a47144362f Update php55 to 5.5.26.
11 Jun 2015, PHP 5.5.26

- Core:
  . Fixed bug #69566 (Conditional jump or move depends on uninitialised value
    in extension trait). (jbboehr at gmail dot com)
  . Fixed bug #66048 (temp. directory is cached during multiple requests).
    (Julien)
  . Fixed bug #69628 (complex GLOB_BRACE fails on Windows).
    (Christoph M. Becker)
  . Fixed bug #69646 (OS command injection vulnerability in escapeshellarg).
    (Anatol Belski)
  . Fixed bug #69719 (Incorrect handling of paths with NULs). (Stas)

- FTP:
  . Improved fix for bug #69545 (Integer overflow in ftp_genlist()
    resulting in heap overflow). (Max Spelsberg)

- GD:
  . Fixed bug #69479 (GD fails to build with newer libvpx). (Remi)

- Iconv:
  . Fixed bug #48147 (iconv with //IGNORE cuts the string). (Stas)

- Litespeed SAPI:
  . Fixed bug #68812 (Unchecked return value). (George Wang)

- Mail:
  . Fixed bug #68776 (mail() does not have mail header injection prevention for
    additional headers). (Yasuo)

- MCrypt:
  . Added file descriptor caching to mcrypt_create_iv() (Leigh)

- Opcache
  . Fixed bug #69549 (Memory leak with opcache.optimization_level=0xFFFFFFFF).
    (Laruence, Dmitry)

- PCRE:
  . Upgraded pcrelib to 8.37. (CVE-2015-2325, CVE-2015-2326)

- Phar:
  . Fixed bug #69680 (phar symlink in binary directory broken).
    (Matteo Bernardini, Remi)

- Postgres:
  . Fixed bug #69667 (segfault in php_pgsql_meta_data). (Remi)

- Sqlite3:
  . Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415,
    CVE-2015-3416) (Kaplan)
2015-06-12 00:44:32 +00:00
asau
5eebfc9ee8 Update print/foomatic4-db to foomatic4-db-20150415.
From Leonardo Taccari in PR pkg/49962

Changes:
 o Added support for new printers
 o Misc bug fixes for supported printers
2015-06-11 19:43:18 +00:00
asau
b98d553156 Use correct path to bash.
From Leonardo Taccari via #pkgsrc.
2015-06-11 19:13:46 +00:00