| Message ID | 20201211113935.3540-1-cotequeiroz@gmail.com |
|---|---|
| State | Accepted |
| Delegated to: | Petr Štetiar |
| Headers | show |
| Series | openssl: update to 1.1.1i | expand |
Just for the record. This release fixes CVE-2020-1971 https://www.openssl.org/news/secadv/20201208.txt J.P. Dne 11. 12. 20 v 12:39 Eneas U de Queiroz napsal(a): > Fixes: CVE-2020-1971, defined as high severity, summarized as: > NULL pointer deref in GENERAL_NAME_cmp function can lead to a DOS > attack. > > Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> > --- > This was run-tested in a WRT-3200ACM > > diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile > index 77c6d41cec..714ce2059a 100644 > --- a/package/libs/openssl/Makefile > +++ b/package/libs/openssl/Makefile > @@ -9,9 +9,9 @@ include $(TOPDIR)/rules.mk > > PKG_NAME:=openssl > PKG_BASE:=1.1.1 > -PKG_BUGFIX:=h > +PKG_BUGFIX:=i > PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) > -PKG_RELEASE:=2 > +PKG_RELEASE:=1 > PKG_USE_MIPS16:=0 > ENGINES_DIR=engines-1.1 > > @@ -24,7 +24,7 @@ PKG_SOURCE_URL:= \ > ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \ > http://www.openssl.org/source/ \ > http://www.openssl.org/source/old/$(PKG_BASE)/ > -PKG_HASH:=5c9ca8774bd7b03e5784f26ae9e9e6d749c9da2438545077e6b3d755a06595d9 > +PKG_HASH:=e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242 > > PKG_LICENSE:=OpenSSL > PKG_LICENSE_FILES:=LICENSE > > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Hi! Op vrijdag 11 december 2020 om 8u39 schreef Eneas U de Queiroz <cotequeiroz@gmail.com>: > Fixes: CVE-2020-1971, defined as high severity, summarized as: > NULL pointer deref in GENERAL_NAME_cmp function can lead to a DOS > attack. > > Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> > --- > This was run-tested in a WRT-3200ACM Can this be backported to 19.O7? I cherry-picked it from master locally here, applies cleanly afaict. Thanks! Stijn > > diff --git a/package/libs/openssl/Makefile > b/package/libs/openssl/Makefile > index 77c6d41cec..714ce2059a 100644 > --- a/package/libs/openssl/Makefile > +++ b/package/libs/openssl/Makefile > @@ -9,9 +9,9 @@ include $(TOPDIR)/rules.mk > > PKG_NAME:=openssl > PKG_BASE:=1.1.1 > -PKG_BUGFIX:=h > +PKG_BUGFIX:=i > PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) > -PKG_RELEASE:=2 > +PKG_RELEASE:=1 > PKG_USE_MIPS16:=0 > ENGINES_DIR=engines-1.1 > > @@ -24,7 +24,7 @@ PKG_SOURCE_URL:= \ > ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \ > http://www.openssl.org/source/ \ > http://www.openssl.org/source/old/$(PKG_BASE)/ > -PKG_HASH:=5c9ca8774bd7b03e5784f26ae9e9e6d749c9da2438545077e6b3d755a06595d9 > +PKG_HASH:=e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242 > > PKG_LICENSE:=OpenSSL > PKG_LICENSE_FILES:=LICENSE > > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 77c6d41cec..714ce2059a 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -9,9 +9,9 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl PKG_BASE:=1.1.1 -PKG_BUGFIX:=h +PKG_BUGFIX:=i PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) -PKG_RELEASE:=2 +PKG_RELEASE:=1 PKG_USE_MIPS16:=0 ENGINES_DIR=engines-1.1 @@ -24,7 +24,7 @@ PKG_SOURCE_URL:= \ ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \ http://www.openssl.org/source/ \ http://www.openssl.org/source/old/$(PKG_BASE)/ -PKG_HASH:=5c9ca8774bd7b03e5784f26ae9e9e6d749c9da2438545077e6b3d755a06595d9 +PKG_HASH:=e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242 PKG_LICENSE:=OpenSSL PKG_LICENSE_FILES:=LICENSE
Fixes: CVE-2020-1971, defined as high severity, summarized as: NULL pointer deref in GENERAL_NAME_cmp function can lead to a DOS attack. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> --- This was run-tested in a WRT-3200ACM