Hello community,

here is the log from the commit of package libressl for openSUSE:Factory 
checked in at 2020-12-10 18:19:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libressl (Old)
 and      /work/SRC/openSUSE:Factory/.libressl.new.2328 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libressl"

Thu Dec 10 18:19:59 2020 rev:54 rq:854604 version:3.2.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/libressl/libressl.changes        2020-10-28 
14:33:59.763813587 +0100
+++ /work/SRC/openSUSE:Factory/.libressl.new.2328/libressl.changes      
2020-12-10 18:20:00.991101754 +0100
@@ -1,0 +2,8 @@
+Thu Dec 10 13:30:12 UTC 2020 - Jan Engelhardt <jeng...@inai.de>
+
+- Update to release 3.2.3
+  * Fixed: Malformed ASN.1 in a certificate revocation list or a
+    timestamp response token could lead to a NULL pointer
+    dereference.
+
+-------------------------------------------------------------------

Old:
----
  libressl-3.2.2.tar.gz
  libressl-3.2.2.tar.gz.asc

New:
----
  libressl-3.2.3.tar.gz
  libressl-3.2.3.tar.gz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libressl.spec ++++++
--- /var/tmp/diff_new_pack.zaIDSX/_old  2020-12-10 18:20:01.859103935 +0100
+++ /var/tmp/diff_new_pack.zaIDSX/_new  2020-12-10 18:20:01.867103955 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           libressl
-Version:        3.2.2
+Version:        3.2.3
 Release:        0
 Summary:        An SSL/TLS protocol implementation
 License:        OpenSSL

++++++ extra-symver.diff ++++++
--- /var/tmp/diff_new_pack.zaIDSX/_old  2020-12-10 18:20:01.931104116 +0100
+++ /var/tmp/diff_new_pack.zaIDSX/_new  2020-12-10 18:20:01.935104126 +0100
@@ -23,12 +23,12 @@
  tls/Makefile.am    |    6 +++++-
  3 files changed, 15 insertions(+), 4 deletions(-)
 
-Index: libressl-3.2.2/crypto/Makefile.am
+Index: libressl-3.2.3/crypto/Makefile.am
 ===================================================================
---- libressl-3.2.2.orig/crypto/Makefile.am
-+++ libressl-3.2.2/crypto/Makefile.am
+--- libressl-3.2.3.orig/crypto/Makefile.am
++++ libressl-3.2.3/crypto/Makefile.am
 @@ -105,8 +105,11 @@ libcrypto_la_objects.mk: Makefile
-         | sed 's/  */ $$\(abs_top_builddir\)\/crypto\//g' \
+         | sed 's/compat\// $$\(abs_top_builddir\)\/crypto\/&/g' \
          >> libcrypto_la_objects.mk
  
 -libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined 
-export-symbols crypto_portable.sym
@@ -41,10 +41,10 @@
  EXTRA_libcrypto_la_DEPENDENCIES += libcrypto_la_objects.mk
  libcrypto_la_LIBADD = libcompat.la
  if !HAVE_EXPLICIT_BZERO
-Index: libressl-3.2.2/ssl/Makefile.am
+Index: libressl-3.2.3/ssl/Makefile.am
 ===================================================================
---- libressl-3.2.2.orig/ssl/Makefile.am
-+++ libressl-3.2.2/ssl/Makefile.am
+--- libressl-3.2.3.orig/ssl/Makefile.am
++++ libressl-3.2.3/ssl/Makefile.am
 @@ -15,7 +15,11 @@ libssl_la_objects.mk: Makefile
          | sed 's/  */ $$\(abs_top_builddir\)\/ssl\//g' \
          > libssl_la_objects.mk
@@ -58,10 +58,10 @@
  libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la $(PLATFORM_LDADD)
  
  libssl_la_SOURCES = bio_ssl.c
-Index: libressl-3.2.2/tls/Makefile.am
+Index: libressl-3.2.3/tls/Makefile.am
 ===================================================================
---- libressl-3.2.2.orig/tls/Makefile.am
-+++ libressl-3.2.2/tls/Makefile.am
+--- libressl-3.2.3.orig/tls/Makefile.am
++++ libressl-3.2.3/tls/Makefile.am
 @@ -9,7 +9,11 @@ EXTRA_DIST = VERSION
  EXTRA_DIST += CMakeLists.txt
  EXTRA_DIST += tls.sym

++++++ libressl-3.2.2.tar.gz -> libressl-3.2.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libressl-3.2.2/ChangeLog new/libressl-3.2.3/ChangeLog
--- old/libressl-3.2.2/ChangeLog        2020-10-17 10:15:28.000000000 +0200
+++ new/libressl-3.2.3/ChangeLog        2020-12-08 18:06:16.000000000 +0100
@@ -28,6 +28,11 @@
 
 LibreSSL Portable Release Notes:
 
+3.2.3 - Security fix
+
+       * Malformed ASN.1 in a certificate revocation list or a timestamp
+         response token can lead to a NULL pointer dereference.
+
 3.2.2 - Stable release
 
        * This is the first stable release with the new TLSv1.3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libressl-3.2.2/VERSION new/libressl-3.2.3/VERSION
--- old/libressl-3.2.2/VERSION  2020-10-17 10:15:36.000000000 +0200
+++ new/libressl-3.2.3/VERSION  2020-12-08 18:09:01.000000000 +0100
@@ -1,2 +1,2 @@
-3.2.2
+3.2.3
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libressl-3.2.2/apps/nc/Makefile.am 
new/libressl-3.2.3/apps/nc/Makefile.am
--- old/libressl-3.2.2/apps/nc/Makefile.am      2020-10-17 10:15:28.000000000 
+0200
+++ new/libressl-3.2.3/apps/nc/Makefile.am      2020-12-08 18:06:09.000000000 
+0100
@@ -1,5 +1,7 @@
 include $(top_srcdir)/Makefile.am.common
 
+-include $(abs_top_builddir)/crypto/libcrypto_la_objects.mk
+
 if BUILD_NC
 
 if ENABLE_NC
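Review bot: The `-include` added at the top of this file suppresses the error when `libcrypto_la_objects.mk` has not been generated yet, and nothing in the file says so. In that case `$(libcrypto_la_objects)`, `$(libcompat_la_objects)` and `$(libcompatnoopt_la_objects)`, which the next hunk appends to `nc_LDADD`, expand to nothing and nc would fail at link time with unresolved symbols instead of a clear message. A short comment above the include would help, for example `# Generated by crypto/Makefile; defines the *_la_objects lists appended to nc_LDADD below.` Whether the crypto directory is always built before apps/nc depends on the subdirectory order, which is outside this hunk.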
@@ -12,11 +14,13 @@
 EXTRA_DIST = nc.1
 EXTRA_DIST += CMakeLists.txt
 
-nc_LDFLAGS = $(abs_top_builddir)/crypto/.libs/libcrypto.a
-
 nc_LDADD = $(abs_top_builddir)/tls/libtls.la
 nc_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
 
+nc_LDADD += $(libcrypto_la_objects)
+nc_LDADD += $(libcompat_la_objects)
+nc_LDADD += $(libcompatnoopt_la_objects)
+
 AM_CPPFLAGS += -I$(top_srcdir)/apps/nc/compat
 
 nc_SOURCES = atomicio.c
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libressl-3.2.2/apps/nc/Makefile.in 
new/libressl-3.2.3/apps/nc/Makefile.in
--- old/libressl-3.2.2/apps/nc/Makefile.in      2020-10-17 10:16:27.000000000 
+0200
+++ new/libressl-3.2.3/apps/nc/Makefile.in      2020-12-08 18:09:52.000000000 
+0100
@@ -139,9 +139,6 @@
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
-nc_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
-       $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
-       $(nc_LDFLAGS) $(LDFLAGS) -o $@
 AM_V_P = $(am__v_P_@AM_V@)
 am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
 am__v_P_0 = false
@@ -371,9 +368,10 @@
        -D__END_HIDDEN_DECLS= $(am__append_1)
 @BUILD_NC_TRUE@@ENABLE_NC_TRUE@dist_man_MANS = nc.1
 @BUILD_NC_TRUE@EXTRA_DIST = nc.1 CMakeLists.txt
-@BUILD_NC_TRUE@nc_LDFLAGS = $(abs_top_builddir)/crypto/.libs/libcrypto.a
 @BUILD_NC_TRUE@nc_LDADD = $(abs_top_builddir)/tls/libtls.la \
-@BUILD_NC_TRUE@        $(PLATFORM_LDADD) $(PROG_LDADD)
+@BUILD_NC_TRUE@        $(PLATFORM_LDADD) $(PROG_LDADD) \
+@BUILD_NC_TRUE@        $(libcrypto_la_objects) $(libcompat_la_objects) \
+@BUILD_NC_TRUE@        $(libcompatnoopt_la_objects)
 @BUILD_NC_TRUE@nc_SOURCES = atomicio.c netcat.c socks.c \
 @BUILD_NC_TRUE@        compat/socket.c $(am__append_2) $(am__append_3) \
 @BUILD_NC_TRUE@        $(am__append_4) $(am__append_5)
@@ -489,7 +487,7 @@
 
 nc$(EXEEXT): $(nc_OBJECTS) $(nc_DEPENDENCIES) $(EXTRA_nc_DEPENDENCIES) 
        @rm -f nc$(EXEEXT)
-       $(AM_V_CCLD)$(nc_LINK) $(nc_OBJECTS) $(nc_LDADD) $(LIBS)
+       $(AM_V_CCLD)$(LINK) $(nc_OBJECTS) $(nc_LDADD) $(LIBS)
 
 mostlyclean-compile:
        -rm -f *.$(OBJEXT)
@@ -818,6 +816,8 @@
 .PRECIOUS: Makefile
 
 
+-include $(abs_top_builddir)/crypto/libcrypto_la_objects.mk
+
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
 # Otherwise a system limit (for SysV at least) may be exceeded.
 .NOEXPORT:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libressl-3.2.2/configure new/libressl-3.2.3/configure
--- old/libressl-3.2.2/configure        2020-10-17 10:16:26.000000000 +0200
+++ new/libressl-3.2.3/configure        2020-12-08 18:09:51.000000000 +0100
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libressl 3.2.2.
+# Generated by GNU Autoconf 2.69 for libressl 3.2.3.
 #
 #
 # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@
 # Identity of this package.
 PACKAGE_NAME='libressl'
 PACKAGE_TARNAME='libressl'
-PACKAGE_VERSION='3.2.2'
-PACKAGE_STRING='libressl 3.2.2'
+PACKAGE_VERSION='3.2.3'
+PACKAGE_STRING='libressl 3.2.3'
 PACKAGE_BUGREPORT=''
 PACKAGE_URL=''
 
@@ -1449,7 +1449,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures libressl 3.2.2 to adapt to many kinds of systems.
+\`configure' configures libressl 3.2.3 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1520,7 +1520,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of libressl 3.2.2:";;
+     short | recursive ) echo "Configuration of libressl 3.2.3:";;
    esac
   cat <<\_ACEOF
 
@@ -1637,7 +1637,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-libressl configure 3.2.2
+libressl configure 3.2.3
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2185,7 +2185,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by libressl $as_me 3.2.2, which was
+It was created by libressl $as_me 3.2.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -3126,7 +3126,7 @@
 
 # Define the identity of the package.
  PACKAGE='libressl'
- VERSION='3.2.2'
+ VERSION='3.2.3'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -14929,7 +14929,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by libressl $as_me 3.2.2, which was
+This file was extended by libressl $as_me 3.2.3, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -14986,7 +14986,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; 
s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-libressl config.status 3.2.2
+libressl config.status 3.2.3
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libressl-3.2.2/crypto/Makefile.am 
new/libressl-3.2.3/crypto/Makefile.am
--- old/libressl-3.2.2/crypto/Makefile.am       2020-10-17 10:15:28.000000000 
+0200
+++ new/libressl-3.2.3/crypto/Makefile.am       2020-12-08 18:06:09.000000000 
+0100
@@ -99,10 +99,10 @@
          | sed 's/  */ $$\(abs_top_builddir\)\/crypto\//g' \
          > libcrypto_la_objects.mk
        @echo "libcompat_la_objects= $(libcompat_la_OBJECTS)" \
-         | sed 's/  */ $$\(abs_top_builddir\)\/crypto\//g' \
+         | sed 's/compat\// $$\(abs_top_builddir\)\/crypto\/&/g' \
          >> libcrypto_la_objects.mk
        @echo "libcompatnoopt_la_objects= $(libcompatnoopt_la_OBJECTS)" \
-         | sed 's/  */ $$\(abs_top_builddir\)\/crypto\//g' \
+         | sed 's/compat\// $$\(abs_top_builddir\)\/crypto\/&/g' \
          >> libcrypto_la_objects.mk
 
 libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined 
-export-symbols crypto_portable.sym
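Review bot: The two rewritten `sed` expressions key on the literal `compat/` instead of on runs of spaces, so they only prefix object names whose path contains `compat/`. An entry of `$(libcompat_la_OBJECTS)` or `$(libcompatnoopt_la_OBJECTS)` without that directory component would be written to `libcrypto_la_objects.mk` unprefixed, and with the `g` flag a path containing `compat/` twice would be prefixed twice. The first `sed` in the recipe (presumably for the libcrypto list, whose `echo` line is above the hunk) keeps the old space-based pattern, so one recipe now follows two conventions. A comment stating the assumption would make this easier to maintain, e.g. `# every compat object path is assumed to contain compat/ exactly once`. The recipe starts above the hunk.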
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libressl-3.2.2/crypto/Makefile.in 
new/libressl-3.2.3/crypto/Makefile.in
--- old/libressl-3.2.2/crypto/Makefile.in       2020-10-17 10:16:32.000000000 
+0200
+++ new/libressl-3.2.3/crypto/Makefile.in       2020-12-08 18:09:57.000000000 
+0100
@@ -11134,10 +11134,10 @@
          | sed 's/  */ $$\(abs_top_builddir\)\/crypto\//g' \
          > libcrypto_la_objects.mk
        @echo "libcompat_la_objects= $(libcompat_la_OBJECTS)" \
-         | sed 's/  */ $$\(abs_top_builddir\)\/crypto\//g' \
+         | sed 's/compat\// $$\(abs_top_builddir\)\/crypto\/&/g' \
          >> libcrypto_la_objects.mk
        @echo "libcompatnoopt_la_objects= $(libcompatnoopt_la_OBJECTS)" \
-         | sed 's/  */ $$\(abs_top_builddir\)\/crypto\//g' \
+         | sed 's/compat\// $$\(abs_top_builddir\)\/crypto\/&/g' \
          >> libcrypto_la_objects.mk
 
 # Tell versions [3.59,3.63) of GNU make to not export all variables.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libressl-3.2.2/crypto/asn1/asn1_err.c 
new/libressl-3.2.3/crypto/asn1/asn1_err.c
--- old/libressl-3.2.2/crypto/asn1/asn1_err.c   2018-12-04 11:49:18.000000000 
+0100
+++ new/libressl-3.2.3/crypto/asn1/asn1_err.c   2020-12-08 18:06:29.000000000 
+0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_err.c,v 1.21 2018/03/29 02:29:24 inoguchi Exp $ */
+/* $OpenBSD: asn1_err.c,v 1.21.12.1 2020/12/08 15:08:47 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -85,6 +85,7 @@
        {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER)    , "bad object header"},
        {ERR_REASON(ASN1_R_BAD_PASSWORD_READ)    , "bad password read"},
        {ERR_REASON(ASN1_R_BAD_TAG)              , "bad tag"},
+       {ERR_REASON(ASN1_R_BAD_TEMPLATE)         , "bad template"},
        {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH), "bmpstring is wrong 
length"},
        {ERR_REASON(ASN1_R_BN_LIB)               , "bn lib"},
        {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH), "boolean is wrong length"},
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libressl-3.2.2/crypto/asn1/asn1_lib.c 
new/libressl-3.2.3/crypto/asn1/asn1_lib.c
--- old/libressl-3.2.2/crypto/asn1/asn1_lib.c   2018-12-14 08:44:33.000000000 
+0100
+++ new/libressl-3.2.3/crypto/asn1/asn1_lib.c   2020-12-08 18:06:29.000000000 
+0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1_lib.c,v 1.44 2018/11/17 09:34:11 tb Exp $ */
+/* $OpenBSD: asn1_lib.c,v 1.44.10.1 2020/12/08 15:08:47 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com)
  * All rights reserved.
  *
@@ -388,6 +388,8 @@
 {
        int i;
 
+       if (a == NULL || b == NULL)
+               return -1;
        i = (a->length - b->length);
        if (i == 0) {
                i = memcmp(a->data, b->data, a->length);
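Review bot: The new NULL guard returns -1 whichever argument is NULL, so comparing two NULL strings reports "not equal" and swapping the arguments does not flip the sign. That is safe for equality checks but not for a caller that uses this function as an ordering. The behaviour should be documented next to the check, for example `/* NULL never compares equal, not even to NULL; the sign carries no ordering in that case. */`. The function's signature is above the hunk, so its name (presumably ASN1_STRING_cmp, which the x509_genn.c change calls) is inferred.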
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libressl-3.2.2/crypto/asn1/tasn_dec.c 
new/libressl-3.2.3/crypto/asn1/tasn_dec.c
--- old/libressl-3.2.2/crypto/asn1/tasn_dec.c   2019-04-11 13:27:40.000000000 
+0200
+++ new/libressl-3.2.3/crypto/asn1/tasn_dec.c   2020-12-08 18:06:29.000000000 
+0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_dec.c,v 1.37 2019/04/01 15:48:04 jsing Exp $ */
+/* $OpenBSD: tasn_dec.c,v 1.37.10.1 2020/12/08 15:08:47 tb Exp $ */
 /* Written by Dr Stephen N Henson (st...@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -210,6 +210,16 @@
                break;
 
        case ASN1_ITYPE_MSTRING:
+               /*
+                * It never makes sense for multi-strings to have implicit
+                * tagging, so if tag != -1, then this looks like an error in
+                * the template.
+                */
+               if (tag != -1) {
+                       ASN1error(ASN1_R_BAD_TEMPLATE);
+                       goto err;
+               }
+
                p = *in;
                /* Just read in tag and class */
                ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
@@ -245,6 +255,16 @@
                    it, tag, aclass, opt, ctx);
 
        case ASN1_ITYPE_CHOICE:
+               /*
+                * It never makes sense for CHOICE types to have implicit
+                * tagging, so if tag != -1, then this looks like an error in
+                * the template.
+                */
+               if (tag != -1) {
+                       ASN1error(ASN1_R_BAD_TEMPLATE);
+                       goto err;
+               }
+
                if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
                        goto auxerr;
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libressl-3.2.2/crypto/asn1/tasn_enc.c 
new/libressl-3.2.3/crypto/asn1/tasn_enc.c
--- old/libressl-3.2.2/crypto/asn1/tasn_enc.c   2019-04-11 13:27:40.000000000 
+0200
+++ new/libressl-3.2.3/crypto/asn1/tasn_enc.c   2020-12-08 18:06:29.000000000 
+0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: tasn_enc.c,v 1.22 2019/04/01 15:48:04 jsing Exp $ */
+/* $OpenBSD: tasn_enc.c,v 1.22.10.1 2020/12/08 15:08:47 tb Exp $ */
 /* Written by Dr Stephen N Henson (st...@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -61,6 +61,7 @@
 
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
+#include <openssl/err.h>
 #include <openssl/objects.h>
 
 static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
@@ -152,9 +153,27 @@
                break;
 
        case ASN1_ITYPE_MSTRING:
+               /*
+                * It never makes sense for multi-strings to have implicit
+                * tagging, so if tag != -1, then this looks like an error in
+                * the template.
+                */
+               if (tag != -1) {
+                       ASN1error(ASN1_R_BAD_TEMPLATE);
+                       return 0;
+               }
                return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
 
        case ASN1_ITYPE_CHOICE:
+               /*
+                * It never makes sense for CHOICE types to have implicit
+                * tagging, so if tag != -1, then this looks like an error in
+                * the template.
+                */
+               if (tag != -1) {
+                       ASN1error(ASN1_R_BAD_TEMPLATE);
+                       return 0;
+               }
                if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
                        return 0;
                i = asn1_get_choice_selector(pval, it);
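Review bot: Both new template checks in the encoder report failure with `return 0`, the same value the adjacent `ASN1_OP_I2D_PRE` callback failure uses, while the MSTRING branch otherwise returns whatever `asn1_i2d_ex_primitive` yields. If a caller treats 0 as an empty encoding and not as an error, a bad template would be skipped silently and only the `ASN1_R_BAD_TEMPLATE` entry on the error queue would reveal it; this depends on callers outside the hunk and should be confirmed. A comment recording the convention would help, e.g. `/* 0 signals failure here; the reason is left on the error queue. */`. The enclosing function begins and ends outside the hunk.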
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libressl-3.2.2/crypto/x509/x509_genn.c 
new/libressl-3.2.3/crypto/x509/x509_genn.c
--- old/libressl-3.2.2/crypto/x509/x509_genn.c  2020-08-23 01:51:50.000000000 
+0200
+++ new/libressl-3.2.3/crypto/x509/x509_genn.c  2020-12-08 18:06:29.000000000 
+0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_genn.c,v 1.1 2020/06/04 15:19:31 jsing Exp $ */
+/* $OpenBSD: x509_genn.c,v 1.1.4.1 2020/12/08 15:08:47 tb Exp $ */
 /* Written by Dr Stephen N Henson (st...@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -117,16 +117,17 @@
        ASN1_item_free((ASN1_VALUE *)a, &OTHERNAME_it);
 }
 
+/* Uses explicit tagging since DIRECTORYSTRING is a CHOICE type */
 static const ASN1_TEMPLATE EDIPARTYNAME_seq_tt[] = {
        {
-               .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
+               .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
                .tag = 0,
                .offset = offsetof(EDIPARTYNAME, nameAssigner),
                .field_name = "nameAssigner",
                .item = &DIRECTORYSTRING_it,
        },
        {
-               .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
+               .flags = ASN1_TFLG_EXPLICIT,
                .tag = 1,
                .offset = offsetof(EDIPARTYNAME, partyName),
                .field_name = "partyName",
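Review bot: The second template entry drops `ASN1_TFLG_OPTIONAL` as well as switching to explicit tagging, but the added comment only explains the tagging. With this change an EDIPARTYNAME without `partyName` would presumably no longer decode, and values produced by the old implicit-tag template would not round-trip; both look intentional, yet neither is stated. I would extend the comment to `/* Uses explicit tagging since DIRECTORYSTRING is a CHOICE type; nameAssigner is optional, partyName is mandatory. */`. The template array continues past the end of the hunk.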
@@ -324,6 +325,37 @@
        return ASN1_item_dup(&GENERAL_NAME_it, a);
 }
 
+static int
+EDIPARTYNAME_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b)
+{
+       int res;
+
+       /*
+        * Shouldn't be possible in a valid GENERAL_NAME, but we handle it
+        * anyway. OTHERNAME_cmp treats NULL != NULL, so we do the same here.
+        */
+       if (a == NULL || b == NULL)
+               return -1;
+       if (a->nameAssigner == NULL && b->nameAssigner != NULL)
+               return -1;
+       if (a->nameAssigner != NULL && b->nameAssigner == NULL)
+               return 1;
+       /* If we get here, both have nameAssigner set or both unset. */
+       if (a->nameAssigner != NULL) {
+               res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner);
+               if (res != 0)
+                       return res;
+       }
+       /*
+        * partyName is required, so these should never be NULL. We treat it in
+        * the same way as the a == NULL || b == NULL case above.
+        */
+       if (a->partyName == NULL || b->partyName == NULL)
+               return -1;
+
+       return ASN1_STRING_cmp(a->partyName, b->partyName);
+}
+
 /* Returns 0 if they are equal, != 0 otherwise. */
 int
 GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
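Review bot: `EDIPARTYNAME_cmp` has no header comment stating its return contract, and the contract is unusual: it returns -1 when either argument or either `partyName` is NULL, regardless of argument order, so two incomplete names never compare equal. The inline comments explain each branch, but a reader of the signature alone cannot tell that the result is an equality test and not an ordering. I would add `/* Returns 0 if they are equal, != 0 otherwise; NULL or a missing partyName never compares equal. */` above the function, matching the comment already present on `GENERAL_NAME_cmp`. The body of `GENERAL_NAME_cmp` lies outside this hunk.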
@@ -334,8 +366,11 @@
                return -1;
        switch (a->type) {
        case GEN_X400:
+               result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
+               break;
+
        case GEN_EDIPARTY:
-               result = ASN1_TYPE_cmp(a->d.other, b->d.other);
+               result = EDIPARTYNAME_cmp(a->d.ediPartyName, b->d.ediPartyName);
                break;
 
        case GEN_OTHERNAME:
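Review bot: The `GEN_X400` case passes `a->d.x400Address` and `b->d.x400Address` straight to `ASN1_TYPE_cmp`, whereas the `GEN_EDIPARTY` case now goes through a helper that checks for NULL explicitly. Whether `ASN1_TYPE_cmp` tolerates NULL arguments is not visible here and should be confirmed, since a GENERAL_NAME parsed from untrusted input may leave the member unset. A one-line comment recording why the two cases were split would also help, e.g. `/* Each case must read the union member that matches a->type. */`. The start of the function and the check that both names have the same type are above the hunk.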
@@ -384,8 +419,11 @@
 {
        switch (type) {
        case GEN_X400:
+               a->d.x400Address = value;
+               break;
+
        case GEN_EDIPARTY:
-               a->d.other = value;
+               a->d.ediPartyName = value;
                break;
 
        case GEN_OTHERNAME:
@@ -420,8 +458,10 @@
                *ptype = a->type;
        switch (a->type) {
        case GEN_X400:
+               return a->d.x400Address;
+
        case GEN_EDIPARTY:
-               return a->d.other;
+               return a->d.ediPartyName;
 
        case GEN_OTHERNAME:
                return a->d.otherName;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libressl-3.2.2/include/openssl/asn1.h 
new/libressl-3.2.3/include/openssl/asn1.h
--- old/libressl-3.2.2/include/openssl/asn1.h   2018-12-14 08:44:33.000000000 
+0100
+++ new/libressl-3.2.3/include/openssl/asn1.h   2020-12-08 18:06:29.000000000 
+0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1.h,v 1.53 2018/11/30 04:51:19 jeremy Exp $ */
+/* $OpenBSD: asn1.h,v 1.53.10.1 2020/12/08 15:08:47 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (e...@cryptsoft.com)
  * All rights reserved.
  *
@@ -1137,6 +1137,7 @@
 #define ASN1_R_BAD_OBJECT_HEADER                        102
 #define ASN1_R_BAD_PASSWORD_READ                        103
 #define ASN1_R_BAD_TAG                                  104
+#define ASN1_R_BAD_TEMPLATE                             230
 #define ASN1_R_BMPSTRING_IS_WRONG_LENGTH                214
 #define ASN1_R_BN_LIB                                   105
 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                  106
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libressl-3.2.2/include/openssl/opensslv.h 
new/libressl-3.2.3/include/openssl/opensslv.h
--- old/libressl-3.2.2/include/openssl/opensslv.h       2020-10-07 
02:42:04.000000000 +0200
+++ new/libressl-3.2.3/include/openssl/opensslv.h       2020-12-08 
18:08:40.000000000 +0100
@@ -3,9 +3,9 @@
 #define HEADER_OPENSSLV_H
 
 /* These will change with each release of LibreSSL-portable */
-#define LIBRESSL_VERSION_NUMBER 0x3020200fL
+#define LIBRESSL_VERSION_NUMBER 0x3020300fL
 /*                                    ^ Patch starts here   */
-#define LIBRESSL_VERSION_TEXT   "LibreSSL 3.2.2"
+#define LIBRESSL_VERSION_TEXT   "LibreSSL 3.2.3"
 
 /* These will never change */
 #define OPENSSL_VERSION_NUMBER 0x20000000L