mirror of
https://github.com/openbsd/ports.git
synced 2026-06-18 07:24:23 +02:00
tb
94efd8bd5d
X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) Use-after-free following BIO_new_NDEF (CVE-2023-0215) Double free after calling PEM_read_bio_ex (CVE-2022-4450) After discussing with jsing, we decided that it's best to neuter the "fix" for Timing Oracle in RSA Decryption (CVE-2022-4304) for the time being. The upstream patch is ~700 lines of strange code without license and with barely decipherable comments - initial versions sported several variants of "mongomery". Testers found issues on aarch64... Even by OpenSSL standards this is badly written and manifestly poorly tested code. It is irresponsible to subject users to this in a security update before it has seen more testing.
Documentation for the ports tree: ports(7), packages(7), mirroring-ports(7), library-specs(7), bsd.port.mk(5), bsd.port.arch.mk(5), port-modules(5). dpb(1), bulk(8) for bulk builds. See also the OpenBSD Porter's Handbook http://www.openbsd.org/faq/ports/