forked from pool/openssl-1_1
8fb8948616
- Update to 1.1.1t: * Fixed X.400 address type confusion in X.509 GeneralName. There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This vulnerability may allow an attacker who can provide a certificate chain and CRL (neither of which need have a valid signature) to pass arbitrary pointers to a memcmp call, creating a possible read primitive, subject to some constraints. Refer to the advisory for more information. Thanks to David Benjamin for discovering this issue. [bsc#1207533, CVE-2023-0286] This issue has been fixed by changing the public header file definition of GENERAL_NAME so that x400Address reflects the implementation. It was not possible for any existing application to successfully use the existing definition; however, if any application references the x400Address field (e.g. in dead code), note that the type of this field has changed. There is no ABI change. * Fixed Use-after-free following BIO_new_NDEF. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. OBS-URL: https://build.opensuse.org/request/show/1063668 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=128 |
||
---|---|---|
.gitattributes | ||
.gitignore | ||
0001-s390x-assembly-pack-perlasm-support.patch | ||
0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch | ||
0003-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch | ||
0004-s390x-assembly-pack-fix-formal-interface-bug-in-chac.patch | ||
0005-s390x-assembly-pack-import-chacha-from-cryptogams-re.patch | ||
0006-s390x-assembly-pack-import-poly-from-cryptogams-repo.patch | ||
baselibs.conf | ||
openssl-1_1-AES-GCM-performance-optimzation-with-stitched-method.patch | ||
openssl-1_1-chacha20-performance-optimizations-for-ppc64le-with-.patch | ||
openssl-1_1-disable-test_srp-sslapi.patch | ||
openssl-1_1-FIPS-fix-error-reason-codes.patch | ||
openssl-1_1-Fix-AES-GCM-on-Power-8-CPUs.patch | ||
openssl-1_1-Fixed-conditional-statement-testing-64-and-256-bytes.patch | ||
openssl-1_1-Fixed-counter-overflow.patch | ||
openssl-1_1-openssl-config.patch | ||
openssl-1_1-Optimize-AES-GCM-uarchs.patch | ||
openssl-1_1-Optimize-AES-XTS-aarch64.patch | ||
openssl-1_1-Optimize-ppc64.patch | ||
openssl-1_1-Optimize-RSA-armv8.patch | ||
openssl-1_1-paramgen-default_to_rfc7919.patch | ||
openssl-1_1-seclevel.patch | ||
openssl-1_1-use-include-directive.patch | ||
openssl-1_1-use-seclevel2-in-tests.patch | ||
openssl-1_1.changes | ||
openssl-1_1.spec | ||
openssl-1.1.0-issuer-hash.patch | ||
openssl-1.1.0-no-html.patch | ||
openssl-1.1.1-evp-kdf.patch | ||
openssl-1.1.1-fips-crng-test.patch | ||
openssl-1.1.1-fips-post-rand.patch | ||
openssl-1.1.1-fips.patch | ||
openssl-1.1.1-ssh-kdf.patch | ||
openssl-1.1.1-system-cipherlist.patch | ||
openssl-1.1.1t.tar.gz | ||
openssl-1.1.1t.tar.gz.asc | ||
openssl-add_rfc3526_rfc7919.patch | ||
openssl-assembly-pack-accelerate-scalar-multiplication.patch | ||
openssl-DEFAULT_SUSE_cipher.patch | ||
openssl-Enable-curve-spefific-ECDSA-implementations-via-EC_M.patch | ||
openssl-fips_fix_selftests_return_value.patch | ||
openssl-fips_mode.patch | ||
openssl-fips_selftest_upstream_drbg.patch | ||
openssl-fips-add-SHA3-selftest.patch | ||
openssl-fips-clearerror.patch | ||
openssl-fips-dont_run_FIPS_module_installed.patch | ||
openssl-fips-ignore_broken_atexit_test.patch | ||
openssl-fips-run_selftests_only_when_module_is_complete.patch | ||
openssl-fips-selftests_in_nonfips_mode.patch | ||
openssl-Fix-9bf682f-which-broke-nistp224_method.patch | ||
openssl-keep_EVP_KDF_functions_version.patch | ||
openssl-OPENSSL_s390xcap.pod-list-msa9-facility-bit-155.patch | ||
openssl-pkgconfig.patch | ||
openssl-ppc64-config.patch | ||
openssl-riscv64-config.patch | ||
openssl-s390x-assembly-pack-accelerate-ECDSA.patch | ||
openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch | ||
openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch | ||
openssl-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch | ||
openssl-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch | ||
openssl-s390x-assembly-pack-cleanse-only-sensitive-fields.patch | ||
openssl-s390x-assembly-pack-fix-msa3-stfle-bit-detection.patch | ||
openssl-s390x-assembly-pack-fix-OPENSSL_s390xcap-z15-cpu-mas.patch | ||
openssl-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch | ||
openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch | ||
openssl-s390xcpuid.pl-fix-comment.patch | ||
openssl-ship_fips_standalone_hmac.patch | ||
openssl-truststore.patch | ||
openssl-unknown_dgst.patch | ||
openssl.keyring | ||
showciphers.c |