diff options
| author | Bernard Spil <brnrd@FreeBSD.org> | 2022-06-25 11:03:35 +0000 |
|---|---|---|
| committer | Bernard Spil <brnrd@FreeBSD.org> | 2022-06-25 11:05:12 +0000 |
| commit | 617228983fd2d49639186b02f72fdd15c1fec3ed (patch) | |
| tree | a233fa93559807e05207a4be7582d3eedcbed74c | |
| parent | 4c6583c335e521c6d7aac6c32052bc7c1d815591 (diff) | |
| download | ports-617228983fd2d49639186b02f72fdd15c1fec3ed.tar.gz ports-617228983fd2d49639186b02f72fdd15c1fec3ed.zip | |
security/openssl-quictls: Security patch for CVE-2022-2068
Security: 4eeb93bf-f204-11ec-8fbd-d4c9ef517024
MFH: 2022Q2
(cherry picked from commit 21e8fd3ad74fbb8c52d375aec9bc77e4c1cb53d4)
| -rw-r--r-- | security/openssl-quictls/Makefile | 1 | ||||
| -rw-r--r-- | security/openssl-quictls/files/patch-CVE-2022-2068 | 23 |
2 files changed, 24 insertions, 0 deletions
diff --git a/security/openssl-quictls/Makefile b/security/openssl-quictls/Makefile index 2ca92fb4b599..77b5247f56ba 100644 --- a/security/openssl-quictls/Makefile +++ b/security/openssl-quictls/Makefile @@ -2,6 +2,7 @@ PORTNAME= openssl PORTVERSION= 3.0.3 +PORTREVISION= 1 CATEGORIES= security devel PKGNAMESUFFIX= -quictls diff --git a/security/openssl-quictls/files/patch-CVE-2022-2068 b/security/openssl-quictls/files/patch-CVE-2022-2068 new file mode 100644 index 000000000000..367fd562181b --- /dev/null +++ b/security/openssl-quictls/files/patch-CVE-2022-2068 @@ -0,0 +1,23 @@ +From 8a3579a7b7067a983e69a4eda839ac408c120739 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz <tomas@openssl.org> +Date: Mon, 13 Jun 2022 17:10:15 +0200 +Subject: [PATCH] c_rehash: Drop the issuer_name_hash= prefix from the CRL hash + +Reviewed-by: Richard Levitte <levitte@openssl.org> +Reviewed-by: Matt Caswell <matt@openssl.org> +--- + tools/c_rehash.in | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tools/c_rehash.in b/tools/c_rehash.in +index 2f735d68c9c8..343cdc1e7575 100644 +--- tools/c_rehash.in.orig ++++ tools/c_rehash.in +@@ -222,6 +222,7 @@ sub link_hash { + "-fingerprint", "-noout", + "-in", $fname); + chomp $hash; ++ $hash =~ s/^.*=// if !$is_cert; + chomp $fprint; + return if !$hash; + $fprint =~ s/^.*=//; |