git: vendor/LIBRESSL vendor/libressl: upgrade from 3.2.2 to 3.2.3
Daniel Fojt
deef at crater.dragonflybsd.org
Thu Dec 10 11:18:45 PST 2020
commit f18286592aa78dee55a73a5cee5927c90318afda
Author: Daniel Fojt <df at neosystem.org>
Date: Thu Dec 10 18:13:07 2020 +0100
vendor/libressl: upgrade from 3.2.2 to 3.2.3
Fixes ASN.1 vulnerability (aka CVE-2020-1971):
* Malformed ASN.1 in a certificate revocation list or a timestamp
response token can lead to a NULL pointer dereference
Summary of changes:
crypto/libressl/VERSION | 2 +-
crypto/libressl/crypto/asn1/asn1_err.c | 3 +-
crypto/libressl/crypto/asn1/asn1_lib.c | 4 ++-
crypto/libressl/crypto/asn1/tasn_dec.c | 22 ++++++++++++-
crypto/libressl/crypto/asn1/tasn_enc.c | 21 +++++++++++-
crypto/libressl/crypto/x509/x509_genn.c | 52 ++++++++++++++++++++++++++----
crypto/libressl/include/openssl/asn1.h | 3 +-
crypto/libressl/include/openssl/opensslv.h | 4 +--
8 files changed, 97 insertions(+), 14 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/f18286592aa78dee55a73a5cee5927c90318afda
--
DragonFly BSD source repository
More information about the Commits
mailing list