kpriv
/
pkgsrc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
pkgsrc/security/openssl
History
adam 52e636bfd4 openssl: updated to 3.1.5 
Changes between 3.1.4 and 3.1.5 [30 Jan 2024]

 * A file in PKCS12 format can contain certificates and keys and may come from
   an untrusted source. The PKCS12 specification allows certain fields to be
   NULL, but OpenSSL did not correctly check for this case. A fix has been
   applied to prevent a NULL pointer dereference that results in OpenSSL
   crashing. If an application processes PKCS12 files from an untrusted source
   using the OpenSSL APIs then that application will be vulnerable to this
   issue prior to this fix.

   OpenSSL APIs that were vulnerable to this are: PKCS12_parse(),
   PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
   and PKCS12_newpass().

   We have also fixed a similar issue in SMIME_write_PKCS7(). However since this
   function is related to writing data we do not consider it security
   significant.

   ([CVE-2024-0727])
 		2024-02-03 18:21:26 +00:00
..
patches openssl: fix configure for NetBSD/i386 2023-12-27 15:55:58 +00:00
DESCR openssl: update to 3.1.4 2023-10-24 21:30:35 +00:00
Makefile openssl: updated to 3.1.5 2024-02-03 18:21:26 +00:00
PLIST openssl: updated to 3.1.5 2024-02-03 18:21:26 +00:00
buildlink3.mk *: bump for openssl 3 2023-10-24 22:08:07 +00:00
builtin.mk */builtin.mk: Use ${_CROSS_DESTDIR:U} for build-time file checks. 2024-01-13 20:07:31 +00:00
distinfo openssl: updated to 3.1.5 2024-02-03 18:21:26 +00:00
options.mk openssl: update to 3.1.4 2023-10-24 21:30:35 +00:00