summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Jeffrey Walton [Sat, 24 Dec 2016 09:55:21 +0000 (04:55 -0500)]
[PATCH] Add additional validations based on X.690 rules
The library was a tad bit fast and loose with respect to parsing some of the ASN.1 presented to it. It was kind of like we used Alternate Encoding Rules (AER), which was more relaxed than BER, CER or DER. This commit closes most of the gaps.
The changes are distantly related to Issue 346. Issue 346 caught a CVE bcause of the transient DoS. These fixes did not surface with negative effcts. Rather, the library was a bit too accomodating to the point it was not conforming
Gbp-Pq: Name Additional_ASN.1_validations.patch
Gergely Nagy [Wed, 14 Dec 2016 12:19:01 +0000 (13:19 +0100)]
[PATCH] Fix possible DoS in ASN.1 decoders (CVE-2016-9939)
Gbp-Pq: Name CVE-2016-9939.patch
Laszlo Boszormenyi (GCS) [Mon, 5 Jun 2017 06:55:28 +0000 (07:55 +0100)]
integer
Gbp-Pq: Name integer.diff
Jeffrey Walton [Fri, 28 Oct 2016 04:33:43 +0000 (00:33 -0400)]
[PATCH] Fix compile under Debian Hurd (i386) Debian Hurd defines __MACH__, and it was picking up "#define CRYPTOPP_SECTION_INIT __attribute__((section (__DATA,__data)))" intended for Apple linkers
Gbp-Pq: Name Hurd-compile-fix.patch
Jeffrey Walton [Tue, 1 Nov 2016 02:34:59 +0000 (22:34 -0400)]
[PATCH] Fix potential zeroizer removal (Issue 331)
Gbp-Pq: Name Fix_potential_zeroizer_removal.patch
Laszlo Boszormenyi (GCS) [Mon, 5 Jun 2017 06:55:28 +0000 (07:55 +0100)]
libcrypto++ (5.6.4-7) unstable; urgency=high
* Backport security fix for out-of-bounds read in zinflate.
[dgit import unpatched libcrypto++ 5.6.4-7]
Laszlo Boszormenyi (GCS) [Mon, 5 Jun 2017 06:55:28 +0000 (07:55 +0100)]
Import libcrypto++_5.6.4-7.debian.tar.xz
[dgit import tarball libcrypto++ 5.6.4-7 libcrypto++_5.6.4-7.debian.tar.xz]
Laszlo Boszormenyi (GCS) [Sat, 8 Oct 2016 16:27:30 +0000 (17:27 +0100)]
Import libcrypto++_5.6.4.orig.tar.xz
[dgit import orig libcrypto++_5.6.4.orig.tar.xz]
projects / libcrypto++.git / log