forked from pool/openssl-3
Pedro Monreal Gonzalez
c7c7fd87d3
- Temporarily disable tests test_ssl_new and test_sslapi because they are failing in openSUSE_Tumbleweed
- Update to 3.0.7: [bsc#1204714, CVE-2022-3602, CVE-2022-3786]
  * Fixed two buffer overflows in punycode decoding functions.

    A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer.

    In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects.

    An attacker can craft a malicious email address to overflow an arbitrary number of bytes containing the `.` character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). ([CVE-2022-3786])

    An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution depending on stack layout for any given platform/compiler. ([CVE-2022-3602])
  * Removed all references to invalid OSSL_PKEY_PARAM_RSA names for CRT parameters in OpenSSL code. Applications should not use the names OSSL_PKEY_PARAM_RSA_FACTOR, OSSL_PKEY_PARAM_RSA_EXPONENT and OSSL_PKEY_PARAM_RSA_COEFFICIENT. Use the numbered names such as OSSL_PKEY_PARAM_RSA_FACTOR1 instead. Using these invalid names may cause algorithms to use slower methods

OBS-URL: https://build.opensuse.org/request/show/1032747
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=47

File | ||
---|---|---|
.gitattributes | ||
.gitignore | ||
baselibs.conf | ||
fix-config-in-tests.patch | ||
openssl-1.1.0-no-html.patch | ||
openssl-3.0.7.tar.gz | ||
openssl-3.0.7.tar.gz.asc | ||
openssl-3.changes | ||
openssl-3.spec | ||
openssl-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch | ||
openssl-DEFAULT_SUSE_cipher.patch | ||
openssl-no-date.patch | ||
openssl-Override-default-paths-for-the-CA-directory-tree.patch | ||
openssl-pkgconfig.patch | ||
openssl-ppc64-config.patch | ||
openssl-truststore.patch | ||
openssl-use-versioned-config.patch | ||
openssl.keyring | ||
showciphers.c |