nodejs
diff --git a/Collapse file
‎deps/openssl/openssl/CHANGES‎
Copy file name to clipboardExpand all lines: deps/openssl/openssl/CHANGES
+38Lines changed: 38 additions & 0 deletions b/Collapse file
‎deps/openssl/openssl/CHANGES‎
Copy file name to clipboardExpand all lines: deps/openssl/openssl/CHANGES
+38Lines changed: 38 additions & 0 deletions
diff --git a/Collapse file
‎deps/openssl/openssl/INSTALL‎
Copy file name to clipboardExpand all lines: deps/openssl/openssl/INSTALL
+2-4Lines changed: 2 additions & 4 deletions b/Collapse file
‎deps/openssl/openssl/INSTALL‎
Copy file name to clipboardExpand all lines: deps/openssl/openssl/INSTALL
+2-4Lines changed: 2 additions & 4 deletions
diff --git a/Collapse file
‎deps/openssl/openssl/Makefile‎
Copy file name to clipboardExpand all lines: deps/openssl/openssl/Makefile
+1-1Lines changed: 1 addition & 1 deletion b/Collapse file
‎deps/openssl/openssl/Makefile‎
Copy file name to clipboardExpand all lines: deps/openssl/openssl/Makefile
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/Collapse file
‎deps/openssl/openssl/Makefile.bak‎
Copy file name to clipboardExpand all lines: deps/openssl/openssl/Makefile.bak
+1-1Lines changed: 1 addition & 1 deletion b/Collapse file
‎deps/openssl/openssl/Makefile.bak‎
Copy file name to clipboardExpand all lines: deps/openssl/openssl/Makefile.bak
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/Collapse file
‎deps/openssl/openssl/NEWS‎
Copy file name to clipboardExpand all lines: deps/openssl/openssl/NEWS
+5Lines changed: 5 additions & 0 deletions b/Collapse file
‎deps/openssl/openssl/NEWS‎
Copy file name to clipboardExpand all lines: deps/openssl/openssl/NEWS
+5Lines changed: 5 additions & 0 deletions
diff --git a/Collapse file
‎deps/openssl/openssl/README‎
Copy file name to clipboardExpand all lines: deps/openssl/openssl/README
+1-1Lines changed: 1 addition & 1 deletion b/Collapse file
‎deps/openssl/openssl/README‎
Copy file name to clipboardExpand all lines: deps/openssl/openssl/README
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/Collapse file
‎deps/openssl/openssl/apps/app_rand.c‎
Copy file name to clipboardExpand all lines: deps/openssl/openssl/apps/app_rand.c
+1-10Lines changed: 1 addition & 10 deletions b/Collapse file
‎deps/openssl/openssl/apps/app_rand.c‎
Copy file name to clipboardExpand all lines: deps/openssl/openssl/apps/app_rand.c
+1-10Lines changed: 1 addition & 10 deletions
diff --git a/Collapse file
‎deps/openssl/openssl/apps/ca.c‎
Copy file name to clipboardExpand all lines: deps/openssl/openssl/apps/ca.c
+9-4Lines changed: 9 additions & 4 deletions b/Collapse file
‎deps/openssl/openssl/apps/ca.c‎
Copy file name to clipboardExpand all lines: deps/openssl/openssl/apps/ca.c
+9-4Lines changed: 9 additions & 4 deletions
diff --git a/Collapse file
‎deps/openssl/openssl/apps/s_client.c‎
Copy file name to clipboardExpand all lines: deps/openssl/openssl/apps/s_client.c
+10-23Lines changed: 10 additions & 23 deletions b/Collapse file
‎deps/openssl/openssl/apps/s_client.c‎
Copy file name to clipboardExpand all lines: deps/openssl/openssl/apps/s_client.c
+10-23Lines changed: 10 additions & 23 deletions
diff --git a/Collapse file
‎deps/openssl/openssl/apps/s_server.c‎
Copy file name to clipboardExpand all lines: deps/openssl/openssl/apps/s_server.c
+1-1Lines changed: 1 addition & 1 deletion b/Collapse file
‎deps/openssl/openssl/apps/s_server.c‎
Copy file name to clipboardExpand all lines: deps/openssl/openssl/apps/s_server.c
+1-1Lines changed: 1 addition & 1 deletion
@@ -2,6 +2,44 @@
  OpenSSL CHANGES
  _______________
 
+ This is a high-level summary of the most important changes.
+ For a full list of changes, see the git commit log; for example,
+ https://github.com/openssl/openssl/commits/ and pick the appropriate
+ release branch.
+
+ Changes between 1.0.2l and 1.0.2m [2 Nov 2017]
+
+  *) bn_sqrx8x_internal carry bug on x86_64
+
+     There is a carry propagating bug in the x86_64 Montgomery squaring
+     procedure. No EC algorithms are affected. Analysis suggests that attacks
+     against RSA and DSA as a result of this defect would be very difficult to
+     perform and are not believed likely. Attacks against DH are considered just
+     feasible (although very difficult) because most of the work necessary to
+     deduce information about a private key may be performed offline. The amount
+     of resources required for such an attack would be very significant and
+     likely only accessible to a limited number of attackers. An attacker would
+     additionally need online access to an unpatched system using the target
+     private key in a scenario with persistent DH parameters and a private
+     key that is shared between multiple clients.
+
+     This only affects processors that support the BMI1, BMI2 and ADX extensions
+     like Intel Broadwell (5th generation) and later or AMD Ryzen.
+
+     This issue was reported to OpenSSL by the OSS-Fuzz project.
+     (CVE-2017-3736)
+     [Andy Polyakov]
+
+  *) Malformed X.509 IPAddressFamily could cause OOB read
+
+     If an X.509 certificate has a malformed IPAddressFamily extension,
+     OpenSSL could do a one-byte buffer overread. The most likely result
+     would be an erroneous display of the certificate in text format.
+
+     This issue was reported to OpenSSL by the OSS-Fuzz project.
+     (CVE-2017-3735)
+     [Rich Salz]
+
  Changes between 1.0.2k and 1.0.2l [25 May 2017]
 
   *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target
 
@@ -190,10 +190,8 @@
      the failure that isn't a problem in OpenSSL itself (like a missing
      or malfunctioning bc).  If it is a problem with OpenSSL itself,
      try removing any compiler optimization flags from the CFLAG line
-     in Makefile.ssl and run "make clean; make". Please send a bug
-     report to <openssl-bugs@openssl.org>, including the output of
-     "make report" in order to be added to the request tracker at
-     http://www.openssl.org/support/rt.html.
+     in Makefile.ssl and run "make clean; make". To report a bug please open an
+     issue on GitHub, at https://github.com/openssl/openssl/issues.
 
   4. If everything tests ok, install OpenSSL with
 
 
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=1.0.2l
+VERSION=1.0.2m
 MAJOR=1
 MINOR=0.2
 SHLIB_VERSION_NUMBER=1.0.0
 
@@ -4,7 +4,7 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=1.0.2l
+VERSION=1.0.2m
 MAJOR=1
 MINOR=0.2
 SHLIB_VERSION_NUMBER=1.0.0
 
@@ -5,6 +5,11 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.2l and OpenSSL 1.0.2m [2 Nov 2017]
+
+      o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
+      o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
+
   Major changes between OpenSSL 1.0.2k and OpenSSL 1.0.2l [25 May 2017]
 
       o config now recognises 64-bit mingw and chooses mingw64 instead of mingw
 
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.2l 25 May 2017
+ OpenSSL 1.0.2m 2 Nov 2017
 
  Copyright (c) 1998-2015 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 
@@ -124,16 +124,7 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)
     char buffer[200];
 
 #ifdef OPENSSL_SYS_WINDOWS
-    /*
-     * allocate 2 to dont_warn not to use RAND_screen() via
-     * -no_rand_screen option in s_client
-     */
-    if (dont_warn != 2) {
-      BIO_printf(bio_e, "Loading 'screen' into random state -");
-      BIO_flush(bio_e);
-      RAND_screen();
-      BIO_printf(bio_e, " done\n");
-    }
+    RAND_screen();
 #endif
 
     if (file == NULL)
 
@@ -1985,10 +1985,6 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
     /* Lets add the extensions, if there are any */
     if (ext_sect) {
         X509V3_CTX ctx;
-        if (ci->version == NULL)
-            if ((ci->version = ASN1_INTEGER_new()) == NULL)
-                goto err;
-        ASN1_INTEGER_set(ci->version, 2); /* version 3 certificate */
 
         /*
          * Free the current entries if any, there should not be any I believe
@@ -2051,6 +2047,15 @@ static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
         goto err;
     }
 
+    {
+        STACK_OF(X509_EXTENSION) *exts = ci->extensions;
+
+        if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0)
+            /* Make it an X509 v3 certificate. */
+            if (!X509_set_version(ret, 2))
+                goto err;
+    }
+
     /* Set the right value for the noemailDN option */
     if (email_dn == 0) {
         if (!X509_set_subject_name(ret, dn_subject))
 
@@ -180,13 +180,6 @@ typedef unsigned int u_int;
 # include <fcntl.h>
 #endif
 
-/* Use Windows API with STD_INPUT_HANDLE when checking for input?
-   Don't look at OPENSSL_SYS_MSDOS for this, since it is always defined if
-   OPENSSL_SYS_WINDOWS is defined */
-#if defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_WINCE) && defined(STD_INPUT_HANDLE)
-#define OPENSSL_USE_STD_INPUT_HANDLE
-#endif
-
 #undef PROG
 #define PROG    s_client_main
 
@@ -236,7 +229,6 @@ static BIO *bio_c_msg = NULL;
 static int c_quiet = 0;
 static int c_ign_eof = 0;
 static int c_brief = 0;
-static int c_no_rand_screen = 0;
 
 #ifndef OPENSSL_NO_PSK
 /* Default PSK identity and key */
@@ -452,10 +444,6 @@ static void sc_usage(void)
                " -keymatexport label   - Export keying material using label\n");
     BIO_printf(bio_err,
                " -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
-#ifdef OPENSSL_SYS_WINDOWS
-    BIO_printf(bio_err,
-               " -no_rand_screen  - Do not use RAND_screen() to initialize random state\n");
-#endif
 }
 
 #ifndef OPENSSL_NO_TLSEXT
@@ -1148,10 +1136,6 @@ int MAIN(int argc, char **argv)
             keymatexportlen = atoi(*(++argv));
             if (keymatexportlen == 0)
                 goto bad;
-#ifdef OPENSSL_SYS_WINDOWS
-        } else if (strcmp(*argv, "-no_rand_screen") == 0) {
-          c_no_rand_screen = 1;
-#endif
         } else {
             BIO_printf(bio_err, "unknown option %s\n", *argv);
             badop = 1;
@@ -1268,7 +1252,7 @@ int MAIN(int argc, char **argv)
     if (!load_excert(&exc, bio_err))
         goto end;
 
-    if (!app_RAND_load_file(NULL, bio_err, ++c_no_rand_screen) && inrand == NULL
+    if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
         && !RAND_status()) {
         BIO_printf(bio_err,
                    "warning, not much extra random data, consider using the -rand option\n");
@@ -1683,6 +1667,8 @@ int MAIN(int argc, char **argv)
             if (strstr(mbuf, "/stream:features>"))
                 goto shut;
             seen = BIO_read(sbio, mbuf, BUFSIZZ);
+            if (seen <= 0)
+                goto shut;
             mbuf[seen] = 0;
         }
         BIO_printf(sbio,
@@ -1806,16 +1792,17 @@ int MAIN(int argc, char **argv)
                     tv.tv_usec = 0;
                     i = select(width, (void *)&readfds, (void *)&writefds,
                                NULL, &tv);
-#if defined(OPENSSL_USE_STD_INPUT_HANDLE)
+# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
+                    if (!i && (!_kbhit() || !read_tty))
+                        continue;
+# else
                     if (!i && (!((_kbhit())
                                  || (WAIT_OBJECT_0 ==
                                      WaitForSingleObject(GetStdHandle
                                                          (STD_INPUT_HANDLE),
                                                          0)))
                                || !read_tty))
                         continue;
-#else
-                    if(!i && (!_kbhit() || !read_tty) ) continue;
 # endif
                 } else
                     i = select(width, (void *)&readfds, (void *)&writefds,
@@ -2017,12 +2004,12 @@ int MAIN(int argc, char **argv)
             }
         }
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
-#if defined(OPENSSL_USE_STD_INPUT_HANDLE)
+# if defined(OPENSSL_SYS_WINCE) || defined(OPENSSL_SYS_MSDOS)
+        else if (_kbhit())
+# else
         else if ((_kbhit())
                  || (WAIT_OBJECT_0 ==
                      WaitForSingleObject(GetStdHandle(STD_INPUT_HANDLE), 0)))
-#else
-        else if (_kbhit())
 # endif
 #elif defined (OPENSSL_SYS_NETWARE)
         else if (_kbhit())
 
@@ -3017,7 +3017,7 @@ static int www_body(char *hostname, int s, int stype, unsigned char *context)
                 PEM_write_bio_X509(io, peer);
             } else
                 BIO_puts(io, "no client certificate available\n");
-            BIO_puts(io, "</BODY></HTML>\r\n\r\n");
+            BIO_puts(io, "</pre></BODY></HTML>\r\n\r\n");
             break;
         } else if ((www == 2 || www == 3)
                    && (strncmp("GET /", buf, 5) == 0)) {