From d0bfd7476ce462f642aac827cc23bdc2bc78b13b Mon Sep 17 00:00:00 2001
From: Brent Cook
Date: Tue, 7 Feb 2023 10:25:48 -0600
Subject: security update
---
 ChangeLog | 6 ++++++
 patches/opensslv.h | 6 +++---
 patches/x509_genn.c.diff | 17 +++++++++++++++++
 update.sh | 3 +++
 4 files changed, 29 insertions(+), 3 deletions(-)
 create mode 100644 patches/x509_genn.c.diff
diff --git a/ChangeLog b/ChangeLog
index 4ecab20..40e7684 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,12 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
+3.5.4 - Stable release
+
+ * Security fix
+ - A malicious certificate revocation list or timestamp response token
+ would allow an attacker to read arbitrary memory.
+
 3.5.3 - Reliability fix
 * Fix d2i_ASN1_OBJECT(). A confusion of two CBS resulted in advancing
diff --git a/patches/opensslv.h b/patches/opensslv.h
index f24afb9..2f7b1f9 100644
--- a/patches/opensslv.h
+++ b/patches/opensslv.h
@@ -1,11 +1,11 @@
-/* $OpenBSD: opensslv.h,v 1.69 2022/03/15 21:15:08 bcook Exp $ */
+/* $OpenBSD: opensslv.h,v 1.70 2022/07/04 12:31:55 tb Exp $ */
 #ifndef HEADER_OPENSSLV_H
 #define HEADER_OPENSSLV_H
 /* These will change with each release of LibreSSL-portable */
-#define LIBRESSL_VERSION_NUMBER 0x3050300fL
+#define LIBRESSL_VERSION_NUMBER 0x3050400fL
 /* ^ Patch starts here */
-#define LIBRESSL_VERSION_TEXT "LibreSSL 3.5.3"
+#define LIBRESSL_VERSION_TEXT "LibreSSL 3.5.4"
 /* These will never change */
 #define OPENSSL_VERSION_NUMBER 0x20000000L
diff --git a/patches/x509_genn.c.diff b/patches/x509_genn.c.diff
new file mode 100644
index 0000000..1c6ea8c
--- /dev/null
+++ b/patches/x509_genn.c.diff
@@ -0,0 +1,17 @@
+Index: lib/libcrypto/x509/x509_genn.c
+===================================================================
+RCS file: /cvs/src/lib/libcrypto/x509/x509_genn.c,v
+retrieving revision 1.2
+diff -u -p -r1.2 x509_genn.c
+--- lib/libcrypto/x509/x509_genn.c 8 Dec 2020 15:06:42 -0000 1.2
++++ lib/libcrypto/x509/x509_genn.c 24 Jan 2023 09:43:06 -0000
+@@ -366,7 +366,8 @@ GENERAL_NAME_cmp(GENERAL_NAME *a, GENERA
+ return -1;
+ switch (a->type) {
+ case GEN_X400:
+- result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
++ result = ASN1_STRING_cmp((ASN1_STRING *)a->d.x400Address,
++ (ASN1_STRING *)b->d.x400Address);
+ break;
+
+ case GEN_EDIPARTY:
diff --git a/update.sh b/update.sh
index 6832fe8..7d3f8e5 100755
--- a/update.sh
+++ b/update.sh
@@ -362,6 +362,9 @@ done
 (cd crypto
 $PATCH -p4 < ../patches/uninit_asn1_string_to_utf8.diff
 )
+(cd crypto
+ $PATCH -p2 < ../patches/x509_genn.c.diff
+)
 # copy manpages
 echo "copying manpages"
--
cgit v1.2.3-55-g6feb
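Review bot: The two `(ASN1_STRING *)` casts in the `GEN_X400` case of `GENERAL_NAME_cmp` carry no explanation, so a reader cannot tell from the patched lines why the declared type of `d.x400Address` is being overridden. If, as the switch from `ASN1_TYPE_cmp` to `ASN1_STRING_cmp` suggests, the decoder actually stores an ASN1_STRING in that field, I would say so at the call, e.g. `/* x400Address is parsed as an ASN1_STRING; comparing it as ASN1_TYPE misreads the object */`. The cast fixes only this one comparison, so any other reader of `d.x400Address` that trusts the declared type should be audited as well; none is visible in this hunk. The commit also adds no regression test comparing two `GEN_X400` names. The function body starts and ends outside the embedded hunk.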
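Review bot: Nothing in the added `(cd crypto ... )` block checks that the security patch actually applied, so a failed `cd` or a rejected hunk would leave the vulnerable comparison in the release tree unless the script already aborts on errors (not visible in this hunk). Making that explicit costs one line: `(cd crypto && $PATCH -p2 < ../patches/x509_genn.c.diff) || exit 1`. A short comment such as `# drop once the imported x509_genn.c is newer than r1.2` would also tell the next maintainer when this step becomes stale.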