CVS: cvs.openbsd.org: ports

Theo Buehler Tue, 30 Jan 2024 08:46:13 -0800

CVSROOT:        /cvs
Module name:    ports
Changes by:     t...@cvs.openbsd.org    2024/01/30 09:46:04


Modified files:
        security/openssl/3.2: Makefile distinfo 
        security/openssl/3.2/patches: 
                                      patch-Configurations_unix-Makefile_tmpl 
                                      patch-crypto_ec_asm_ecp_sm2p256-armv8_pl 
        security/openssl/3.2/pkg: PLIST 
Removed files:
        security/openssl/3.2/patches: patch-ssl_ssl_lib_c 

Log message:
Update to OpenSSL 3.2.1

* Fixed PKCS12 Decoding crashes ([CVE-2024-0727])
* Fixed excessive time spent checking invalid RSA public keys ([CVE-2023-6237])
* Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
CPUs which support PowerISA 2.07 ([CVE-2023-6129])
* Fixed excessive time spent in DH check / generation with large Q parameter
value [(CVE-2023-5678)]

Plus a UAF in DANE code.

CVS: cvs.openbsd.org: ports

Reply via email to