849aee4f88
This fixes CVE-2020-1967: Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. See https://www.openssl.org/news/secadv/20200421.txt Also update the hash file to the new two spaces convention Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> |
||
|---|---|---|
| .. | ||
| 0001-Dont-waste-time-building-manpages-if-we-re-not-going.patch | ||
| 0002-Reproducible-build-do-not-leak-compiler-path.patch | ||
| 0003-Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch | ||
| Config.in | ||
| libopenssl.hash | ||
| libopenssl.mk | ||