From: Matt Caswell <matt@openssl.org>
Date: Tue, 8 Dec 2020 11:19:41 +0000 (+0000)
Subject: Update CHANGES and NEWS for new release
X-Git-Tag: OpenSSL_1_1_1i~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a672794c04ec3ad0cf0796cf025edf6786de98b9;p=thirdparty%2Fopenssl.git

Update CHANGES and NEWS for new release

Reviewed-by: Richard Levitte <levitte@openssl.org>
---

diff --git a/CHANGES b/CHANGES
index ff01d65b7ec..d08b3c74f5c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,19 @@
 
  Changes between 1.1.1h and 1.1.1i [xx XXX xxxx]
 
+  *) Fixed NULL pointer deref in the GENERAL_NAME_cmp function
+     This function could crash if both GENERAL_NAMEs contain an EDIPARTYNAME.
+     If an attacker can control both items being compared  then this could lead
+     to a possible denial of service attack. OpenSSL itself uses the
+     GENERAL_NAME_cmp function for two purposes:
+     1) Comparing CRL distribution point names between an available CRL and a
+        CRL distribution point embedded in an X509 certificate
+     2) When verifying that a timestamp response token signer matches the
+        timestamp authority name (exposed via the API functions
+        TS_RESP_verify_response and TS_RESP_verify_token)
+     (CVE-2020-1971)
+     [Matt Caswell]
+
   *) Add support for Apple Silicon M1 Macs with the darwin64-arm64-cc target.
      [Stuart Carnie]
 
diff --git a/NEWS b/NEWS
index 0a9adf3e3d9..5a304ae6006 100644
--- a/NEWS
+++ b/NEWS
@@ -7,7 +7,7 @@
 
   Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [under development]
 
-      o
+      o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971)
 
   Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020]