Package: openssl / 1.0.1k-3

Metadata

Package Version Patches format
openssl 1.0.1k-3 3.0 (quilt)

Patch series

Patch File delta Description
ca.patch | (download)

apps/CA.pl.in | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

---
config hurd.patch | (download)

config | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

---
debian targets.patch | (download)

Configure | 53 53 + 0 - 0 !
1 file changed, 53 insertions(+)

---
engines path.patch | (download)

Configure | 2 1 + 1 - 0 !
Makefile.org | 2 1 + 1 - 0 !
engines/Makefile | 10 5 + 5 - 0 !
engines/ccgost/Makefile | 6 3 + 3 - 0 !
4 files changed, 10 insertions(+), 10 deletions(-)

---
man dir.patch | (download)

Makefile.org | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
man section.patch | (download)

Makefile.org | 7 4 + 3 - 0 !
1 file changed, 4 insertions(+), 3 deletions(-)

---
no rpath.patch | (download)

Makefile.shared | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
no symbolic.patch | (download)

Makefile.shared | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
pic.patch | (download)

crypto/des/asm/desboth.pl | 17 14 + 3 - 0 !
crypto/perlasm/cbc.pl | 24 20 + 4 - 0 !
crypto/perlasm/x86gas.pl | 16 16 + 0 - 0 !
crypto/x86cpuid.pl | 10 5 + 5 - 0 !
4 files changed, 55 insertions(+), 12 deletions(-)

---
valgrind.patch | (download)

crypto/rand/md_rand.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

---
rehash crt.patch | (download)

tools/c_rehash.in | 12 9 + 3 - 0 !
1 file changed, 9 insertions(+), 3 deletions(-)

---
shared lib ext.patch | (download)

Configure | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

---
stddef.patch | (download)

crypto/sha/sha.h | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

---
version script.patch | (download)

Configure | 2 2 + 0 - 0 !
engines/ccgost/openssl.ld | 10 10 + 0 - 0 !
engines/openssl.ld | 10 10 + 0 - 0 !
openssl.ld | 4620 4620 + 0 - 0 !
4 files changed, 4642 insertions(+)

---
c_rehash compat.patch | (download)

tools/c_rehash.in | 8 7 + 1 - 0 !
1 file changed, 7 insertions(+), 1 deletion(-)

 [patch] also create old hash for compatibility


block_diginotar.patch | (download)

crypto/x509/x509_vfy.c | 27 27 + 0 - 0 !
1 file changed, 27 insertions(+)

 make X509_verify_cert indicate that any certificate whose
 name contains "DigiNotar" is revoked.

block_digicert_malaysia.patch | (download)

crypto/x509/x509_vfy.c | 7 4 + 3 - 0 !
1 file changed, 4 insertions(+), 3 deletions(-)

 make X509_verify_cert indicate that any certificate whose
 name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked.

defaults.patch | (download)

apps/dhparam.c | 4 2 + 2 - 0 !
apps/gendh.c | 2 1 + 1 - 0 !
apps/genrsa.c | 2 1 + 1 - 0 !
apps/openssl.cnf | 2 1 + 1 - 0 !
crypto/dsa/dsa_ameth.c | 2 1 + 1 - 0 !
crypto/ec/ec_ameth.c | 2 1 + 1 - 0 !
crypto/hmac/hm_ameth.c | 2 1 + 1 - 0 !
crypto/rsa/rsa_ameth.c | 2 1 + 1 - 0 !
8 files changed, 9 insertions(+), 9 deletions(-)

 change default bit size and digest
Date: Fri, 01 Nov 2013 20:47:14 +0100

openssl_fix_for_x32.patch | (download)

crypto/bn/asm/x86_64-gcc.c | 14 7 + 7 - 0 !
1 file changed, 7 insertions(+), 7 deletions(-)

---
ppc64el.patch | (download)

crypto/aes/asm/aes-ppc.pl | 113 100 + 13 - 0 !
crypto/perlasm/ppc-xlate.pl | 45 38 + 7 - 0 !
crypto/sha/asm/sha1-ppc.pl | 30 26 + 4 - 0 !
crypto/sha/asm/sha512-ppc.pl | 107 65 + 42 - 0 !
4 files changed, 229 insertions(+), 66 deletions(-)

---
0006 Fix reachable assert in SSLv2 servers.patch | (download)

ssl/s2_lib.c | 2 1 + 1 - 0 !
ssl/s2_srvr.c | 55 46 + 9 - 0 !
2 files changed, 47 insertions(+), 10 deletions(-)

 [patch 6/6] Fix reachable assert in SSLv2 servers.

This assert is reachable for servers that support SSLv2 and export ciphers.
Therefore, such servers can be DoSed by sending a specially crafted
SSLv2 CLIENT-MASTER-KEY.

Also fix s2_srvr.c to error out early if the key lengths are malformed.
These lengths are sent unencrypted, so this does not introduce an oracle.

CVE-2015-0293

This issue was discovered by Sean Burford (Google) and Emilia Käsper of
the OpenSSL development team.

0005 PKCS 7 avoid NULL pointer dereferences with missing .patch | (download)

crypto/pkcs7/pk7_doit.c | 94 76 + 18 - 0 !
crypto/pkcs7/pk7_lib.c | 3 3 + 0 - 0 !
2 files changed, 79 insertions(+), 18 deletions(-)

 [patch 5/6] PKCS#7: avoid NULL pointer dereferences with missing
 content

In PKCS#7, the ASN.1 content component is optional.
This typically applies to inner content (detached signatures),
however we must also handle unexpected missing outer content
correctly.

This patch only addresses functions reachable from parsing,
decryption and verification, and functions otherwise associated
with reading potentially untrusted data.

Correcting all low-level API calls requires further work.

CVE-2015-0289

Thanks to Michal Zalewski (Google) for reporting this issue.

0004 Fix ASN1_TYPE_cmp.patch | (download)

crypto/asn1/a_type.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 [patch 4/6] Fix ASN1_TYPE_cmp

Fix segmentation violation when ASN1_TYPE_cmp is passed a boolean type. This
can be triggered during certificate verification so could be a DoS attack
against a client or a server enabling client authentication.

CVE-2015-0286

0002 Free up ADB and CHOICE if already initialised.patch | (download)

crypto/asn1/tasn_dec.c | 24 21 + 3 - 0 !
1 file changed, 21 insertions(+), 3 deletions(-)

 [patch 2/6] Free up ADB and CHOICE if already initialised.

CVE-2015-0287

0001 fix warning.patch | (download)

ssl/ssl_locl.h | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 [patch 1/6] fix warning

0001 Remove export ciphers from the DEFAULT cipher list.patch | (download)

doc/apps/ciphers.pod | 4 2 + 2 - 0 !
ssl/ssl.h | 2 1 + 1 - 0 !
ssl/ssl_ciph.c | 8 7 + 1 - 0 !
3 files changed, 10 insertions(+), 4 deletions(-)

 [patch] Remove export ciphers from the DEFAULT cipher list

They are moved to the COMPLEMENTOFDEFAULT instead.
This also fixes SSLv2 to be part of COMPLEMENTOFDEFAULT.

0001 Make DTLS always act as if read_ahead is set. The ac.patch | (download)

ssl/s3_pkt.c | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

 [patch] Make DTLS always act as if read_ahead is set. The actual
 value of read_ahead is ignored for DTLS.

RT#3657

0001 Fix a failure to NULL a pointer freed on error.patch | (download)

crypto/ec/ec_asn1.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 [patch] Fix a failure to NULL a pointer freed on error.

Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>

CVE-2015-0209

0001 Check public key is not NULL.patch | (download)

crypto/x509/x509_req.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 [patch] Check public key is not NULL.

CVE-2015-0288
PR#3708

0008 Fix a failure to NULL a pointer freed on error.patch | (download)

crypto/asn1/x_x509.c | 12 11 + 1 - 0 !
crypto/ec/ec_asn1.c | 7 5 + 2 - 0 !
2 files changed, 16 insertions(+), 3 deletions(-)

 [patch 08/12] Fix a failure to NULL a pointer freed on error.

Reported by the LibreSSL project as a follow on to CVE-2015-0209