mirror of
https://git.openwrt.org/openwrt/openwrt.git
synced 2026-03-04 04:53:46 +01:00
90b8ed725a
This release incorporates the following bug fixes and mitigations:
fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification.
(CVE-2025-11187)
fixed Stack buffer overflow in CMS AuthEnvelopedData parsing.
(CVE-2025-15467)
fixed NULL dereference in SSL_CIPHER_find () function on unknown cipher ID.
(CVE-2025-15468)
fixed openssl dgst one-shot codepath silently truncates inputs >16 MiB.
(CVE-2025-15469)
fixed TLS 1.3 CompressedCertificate excessive memory allocation.
(CVE-2025-66199)
fixed Heap out-of-bounds write in BIO_f_linebuffer on short writes.
(CVE-2025-68160)
fixed Unauthenticated/unencrypted trailing bytes with low-level OCB function calls.
(CVE-2025-69418)
fixed Out of bounds write in PKCS12_get_friendlyname () UTF-8 conversion.
(CVE-2025-69419)
fixed Missing ASN1_TYPE validation in TS_RESP_verify_response () function.
(CVE-2025-69420)
fixed NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex () function.
(CVE-2025-69421)
fixed Missing ASN1_TYPE validation in PKCS#12 parsing.
(CVE-2026-22795)
fixed ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes () function.
(CVE-2026-22796)
Adjust patches due to formatting changes.
Link: https://github.com/openwrt/openwrt/pull/21752
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/21755
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| 010-fix-aes-gcm-siv-cipher.patch | ||
| 100-Configure-afalg-support.patch | ||
| 110-openwrt_targets.patch | ||
| 120-strip-cflags-from-binary.patch | ||
| 130-dont-build-fuzz-docs.patch | ||
| 140-allow-prefer-chacha20.patch | ||
| 150-openssl.cnf-add-engines-conf.patch | ||
| 500-e_devcrypto-default-to-not-use-digests-in-engine.patch | ||
| 510-e_devcrypto-ignore-error-when-closing-session.patch | ||