diff --git a/CHANGES b/CHANGES index b622c835cf..92eee8437e 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +4270. [security] Update allowed OpenSSL versions as named is + potentially vulnerable to CVE-2015-3193. + 4269. [bug] Zones using "map" format master files currently don't work as policy zones. This limitation has now been documented; attempting to use such zones diff --git a/configure b/configure index be3a4c8707..a709c80c9f 100755 --- a/configure +++ b/configure @@ -15803,12 +15803,17 @@ else int main() { if ((OPENSSL_VERSION_NUMBER >= 0x009070cfL && OPENSSL_VERSION_NUMBER < 0x00908000L) || - OPENSSL_VERSION_NUMBER >= 0x0090804fL) + OPENSSL_VERSION_NUMBER >= 0x0090804fL && + OPENSSL_VERSION_NUMBER < 0x10002000L) || + OPENSSL_VERSION_NUMBER >= 0x1000205fL) return (0); printf("\n\nFound OPENSSL_VERSION_NUMBER %#010x\n", OPENSSL_VERSION_NUMBER); printf("Require OPENSSL_VERSION_NUMBER 0x009070cf or greater (0.9.7l)\n" - "Require OPENSSL_VERSION_NUMBER 0x0090804f or greater (0.9.8d)\n\n"); + "Require OPENSSL_VERSION_NUMBER 0x0090804f or greater (0.9.8d)\n" + "Require OPENSSL_VERSION_NUMBER 0x1000000f or greater (1.0.0)\n" + "Require OPENSSL_VERSION_NUMBER 0x1000100f or greater (1.0.1)\n" + "Require OPENSSL_VERSION_NUMBER 0x1000205f or greater (1.0.2e)\n\n"); return (1); } 
@@ -24708,11 +24713,12 @@ WARNING Your OpenSSL crypto library may be vulnerable to WARNING WARNING one or more of the the following known security WARNING WARNING flaws: WARNING WARNING WARNING -WARNING CAN-2002-0659, CAN-2006-4339, CVE-2006-2937 and WARNING -WARNING CVE-2006-2940. WARNING +WARNING CAN-2002-0659, CAN-2006-4339, CVE-2006-2937, WARNING +WARNING CVE-2006-2940 and CVE-2015-3193. WARNING WARNING WARNING WARNING It is recommended that you upgrade to OpenSSL WARNING -WARNING version 0.9.8d/0.9.7l (or greater). WARNING +WARNING version 1.0.2e/1.0.1/1.0.0/0.9.9/0.9.8d/0.9.7l WARNING +WARNING (or greater). WARNING WARNING WARNING WARNING You can disable this warning by specifying: WARNING WARNING WARNING diff --git a/configure.in b/configure.in index 00251040b7..912768a979 100644 --- a/configure.in +++ b/configure.in @@ -1573,12 +1573,17 @@ yes|'') int main() { if ((OPENSSL_VERSION_NUMBER >= 0x009070cfL && OPENSSL_VERSION_NUMBER < 0x00908000L) || - OPENSSL_VERSION_NUMBER >= 0x0090804fL) + OPENSSL_VERSION_NUMBER >= 0x0090804fL && + OPENSSL_VERSION_NUMBER < 0x10002000L) || + OPENSSL_VERSION_NUMBER >= 0x1000205fL) return (0); printf("\n\nFound OPENSSL_VERSION_NUMBER %#010x\n", OPENSSL_VERSION_NUMBER); printf("Require OPENSSL_VERSION_NUMBER 0x009070cf or greater (0.9.7l)\n" - "Require OPENSSL_VERSION_NUMBER 0x0090804f or greater (0.9.8d)\n\n"); + "Require OPENSSL_VERSION_NUMBER 0x0090804f or greater (0.9.8d)\n" + "Require OPENSSL_VERSION_NUMBER 0x1000000f or greater (1.0.0)\n" + "Require OPENSSL_VERSION_NUMBER 0x1000100f or greater (1.0.1)\n" + "Require OPENSSL_VERSION_NUMBER 0x1000205f or greater (1.0.2e)\n\n"); return (1); } ], 
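Review bot: The rewritten condition in the configure.in version test has two opening parentheses and three closing ones, so as shown the probe program would not compile and the check could not tell any OpenSSL version from another. The new middle range needs its own group: open it with `(OPENSSL_VERSION_NUMBER >= 0x0090804fL &&` so that it pairs with the existing `OPENSSL_VERSION_NUMBER < 0x10002000L) ||`. How a compile failure is reported depends on the surrounding macro, which is outside the hunk, but it would presumably land in the "vulnerable" branch for every build. The generated configure hunk carries the same text and should be regenerated after the fix. The added "Require ... 0x1000000f (1.0.0)" and "0x1000100f (1.0.1)" messages also name bounds the condition never tests, so a short comment saying that only 1.0.2 before 1.0.2e is rejected for CVE-2015-3193 would explain the gap.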
@@ -4974,11 +4979,12 @@ WARNING Your OpenSSL crypto library may be vulnerable to WARNING WARNING one or more of the the following known security WARNING WARNING flaws: WARNING WARNING WARNING -WARNING CAN-2002-0659, CAN-2006-4339, CVE-2006-2937 and WARNING -WARNING CVE-2006-2940. WARNING +WARNING CAN-2002-0659, CAN-2006-4339, CVE-2006-2937, WARNING +WARNING CVE-2006-2940 and CVE-2015-3193. WARNING WARNING WARNING WARNING It is recommended that you upgrade to OpenSSL WARNING -WARNING version 0.9.8d/0.9.7l (or greater). WARNING +WARNING version 1.0.2e/1.0.1/1.0.0/0.9.9/0.9.8d/0.9.7l WARNING +WARNING (or greater). WARNING WARNING WARNING WARNING You can disable this warning by specifying: WARNING WARNING WARNING
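Review bot: The recommended-version list in the banner now names 0.9.9, which has no matching bound or "Require" message in the version test of the first configure.in hunk. The banner also does not say which entry addresses the newly listed CVE-2015-3193. Going by the range check, the only builds newly rejected are 1.0.2 releases before 1.0.2e, yet a user who hits the warning on such a build is told to "upgrade" to a list that includes 1.0.1, 1.0.0 and 0.9.8d. Consider wording such as `version 1.0.2e (or greater), or 0.9.8d/0.9.7l (or greater)` for older branches, kept within the banner's column width. The same text appears in the generated configure hunk.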