!7 CVE-2023-0466 fix

Merge pull request !7 from 边秀宁/openkylin/yangtze
yuejiayuan 2024-05-31 07:54:27 +00:00 committed by Gitee
commit c1240dffb1
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
4 changed files with 23 additions and 2 deletions


@ -30,6 +30,13 @@ breaking changes, and mappings for the large list of deprecated functions.
### Changes between 3.0.7 and 3.0.8 [7 Feb 2023]
* Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention
that it does not enable policy checking. Thanks to David Benjamin for
discovering this issue.
([CVE-2023-0466])
*Tomáš Mráz*
* Fixed NULL dereference during PKCS7 data verification.
A NULL pointer can be dereferenced when signatures are being
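Review bot: the new entry is placed under "Changes between 3.0.7 and 3.0.8 [7 Feb 2023]", which describes an upstream release that has already shipped, while the debian/changelog in this same commit dates the change to 31 May 2024 for package revision 3.0.8-ok5; a reader of CHANGES.md is therefore told that 3.0.8 contained the corrected documentation when it did not. Record the backport in debian/changelog only, or add it under a clearly separate section for the distribution patches, rather than rewriting the 3.0.8 release notes, and keep the `*Tomáš Mráz*` attribution only if the text is copied verbatim from upstream.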
@ -19578,6 +19585,7 @@ ndif
<!-- Links -->
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217


@ -20,6 +20,7 @@ OpenSSL 3.0
### Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023]
* Fixed documentation of X509_VERIFY_PARAM_add0_policy() ([CVE-2023-0466])
* Fixed NULL dereference during PKCS7 data verification ([CVE-2023-0401])
* Fixed X.400 address type confusion in X.509 GeneralName ([CVE-2023-0286])
* Fixed NULL dereference validating DSA public key ([CVE-2023-0217])
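Review bot: same placement problem as in CHANGES.md: `* Fixed documentation of X509_VERIFY_PARAM_add0_policy() ([CVE-2023-0466])` is inserted under "Major changes between OpenSSL 3.0.7 and OpenSSL 3.0.8 [7 Feb 2023]", a released version, whereas the debian/changelog hunk in this commit dates the fix to 31 May 2024 for 3.0.8-ok5. NEWS.md is the user-facing summary of what each upstream release contained, so the entry should not be added to the 3.0.8 section; note the backport in debian/changelog and leave the upstream release history untouched.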
@ -1430,6 +1431,7 @@ OpenSSL 0.9.x
* Support for various new platforms
<!-- Links -->
[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466
[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401
[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286
[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217

debian/changelog

@ -1,3 +1,9 @@
openssl (3.0.8-ok5) yangtze; urgency=medium
* Fix documentation of X509_VERIFY_PARAM_add0_policy()
-- bianxiuning <bianxiuning@kylinos.cn> Fri, 31 May 2024 14:16:03 +0800
openssl (3.0.8-ok4.1) yangtze; urgency=medium
* Re-upload.
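Review bot: the changelog entry `* Fix documentation of X509_VERIFY_PARAM_add0_policy()` omits the CVE identifier even though the merge request title is "CVE-2023-0466 fix"; distribution security trackers match fixed issues by the CVE string in debian/changelog, so without it this upload will still show as unfixed. Write the entry as `* Fix documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)`.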


@ -98,8 +98,9 @@ B<trust>.
X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
B<t>. Normally the current time is used.
X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
by default) and adds B<policy> to the acceptable policy set.
X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set.
Contrary to preexisting documentation of this function it does not enable
policy checking.
X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
by default) and sets the acceptable policy set to B<policies>. Any existing
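Review bot: the replacement sentence `Contrary to preexisting documentation of this function it does not enable policy checking.` needs a comma after `function`, and it tells the reader what the call does not do without pointing at what does; since the paragraph immediately below states that X509_VERIFY_PARAM_set1_policies() enables policy checking, add a cross-reference there, e.g. `To enable policy checking use X509_VERIFY_PARAM_set1_policies() or set the policy check verification flag.` Callers who trusted the old wording have been adding policies while performing no policy validation at all, which is the substance of CVE-2023-0466, so the corrected page should lead them to the working call rather than only retract the old claim.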
@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.
The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(),
and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0.
The function X509_VERIFY_PARAM_add0_policy() was historically documented as
enabling policy checking however the implementation has never done this.
The documentation was changed to align with the implementation.
=head1 COPYRIGHT
Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved.
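Review bot: the added HISTORY sentence `The function X509_VERIFY_PARAM_add0_policy() was historically documented as enabling policy checking however the implementation has never done this.` runs two clauses together; write `... as enabling policy checking; however, the implementation has never done this.` The neighbouring HISTORY entries also name the release in which each change happened (`added in OpenSSL 1.1.0i`, `added in OpenSSL 3.0`), whereas `The documentation was changed to align with the implementation.` gives no version, so a reader comparing an old manual page with this one cannot tell which copy is current; state the OpenSSL version in which the documentation was corrected.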