git: vendor/LIBRESSL vendor/libressl: upgrade from 3.2.2 to 3.2.3

Daniel Fojt deef at crater.dragonflybsd.org
Thu Dec 10 11:18:45 PST 2020


commit f18286592aa78dee55a73a5cee5927c90318afda
Author: Daniel Fojt <df at neosystem.org>
Date:   Thu Dec 10 18:13:07 2020 +0100

    vendor/libressl: upgrade from 3.2.2 to 3.2.3
    
    Fixes ASN.1 vulnerability (aka CVE-2020-1971):
    
    * Malformed ASN.1 in a certificate revocation list or a timestamp
      response token can lead to a NULL pointer dereference

Summary of changes:
 crypto/libressl/VERSION                    |  2 +-
 crypto/libressl/crypto/asn1/asn1_err.c     |  3 +-
 crypto/libressl/crypto/asn1/asn1_lib.c     |  4 ++-
 crypto/libressl/crypto/asn1/tasn_dec.c     | 22 ++++++++++++-
 crypto/libressl/crypto/asn1/tasn_enc.c     | 21 +++++++++++-
 crypto/libressl/crypto/x509/x509_genn.c    | 52 ++++++++++++++++++++++++++----
 crypto/libressl/include/openssl/asn1.h     |  3 +-
 crypto/libressl/include/openssl/opensslv.h |  4 +--
 8 files changed, 97 insertions(+), 14 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/f18286592aa78dee55a73a5cee5927c90318afda


-- 
DragonFly BSD source repository



More information about the Commits mailing list