diff options
| author | Titouan Christophe <titouan.christophe@railnova.eu> | 2020-04-21 15:36:51 +0200 |
|---|---|---|
| committer | Thomas Petazzoni <thomas.petazzoni@bootlin.com> | 2020-04-21 22:11:53 +0200 |
| commit | 849aee4f8805cce89376c0cd1ce23721436a90ac (patch) | |
| tree | 988b087e5d8597bad306c6ef8d5ce75f46222ae6 | |
| parent | 8dd067ef3ae92eda4d883dd002c4b48b60dd4e8c (diff) | |
| download | buildroot-849aee4f8805cce89376c0cd1ce23721436a90ac.tar.bz2 | |
package/libopenssl: security bump to v1.1.1g
This fixes CVE-2020-1967:
Server or client applications that call the SSL_check_chain() function during
or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a
result of incorrect handling of the "signature_algorithms_cert" TLS extension.
The crash occurs if an invalid or unrecognised signature algorithm is received
from the peer. This could be exploited by a malicious peer in a Denial of
Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this
issue. This issue did not affect OpenSSL versions prior to 1.1.1d.
See https://www.openssl.org/news/secadv/20200421.txt
Also update the hash file to the new two spaces convention
Signed-off-by: Titouan Christophe <titouan.christophe@railnova.eu>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
| -rw-r--r-- | package/libopenssl/libopenssl.hash | 6 | ||||
| -rw-r--r-- | package/libopenssl/libopenssl.mk | 2 |
2 files changed, 4 insertions, 4 deletions
diff --git a/package/libopenssl/libopenssl.hash b/package/libopenssl/libopenssl.hash index 3becd790ac..121e10c410 100644 --- a/package/libopenssl/libopenssl.hash +++ b/package/libopenssl/libopenssl.hash @@ -1,5 +1,5 @@ -# From https://www.openssl.org/source/openssl-1.1.1d.tar.gz.sha256 -sha256 186c6bfe6ecfba7a5b48c47f8a1673d0f3b0e5ba2e25602dd23b629975da3f35 openssl-1.1.1f.tar.gz +# From https://www.openssl.org/source/openssl-1.1.1g.tar.gz.sha256 +sha256 ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46 openssl-1.1.1g.tar.gz # License files -sha256 c32913b33252e71190af2066f08115c69bc9fddadf3bf29296e20c835389841c LICENSE +sha256 c32913b33252e71190af2066f08115c69bc9fddadf3bf29296e20c835389841c LICENSE diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk index 4639c63fac..a300458f85 100644 --- a/package/libopenssl/libopenssl.mk +++ b/package/libopenssl/libopenssl.mk @@ -4,7 +4,7 @@ # ################################################################################ -LIBOPENSSL_VERSION = 1.1.1f +LIBOPENSSL_VERSION = 1.1.1g LIBOPENSSL_SITE = https://www.openssl.org/source LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz LIBOPENSSL_LICENSE = OpenSSL or SSLeay |