[Midnightbsd-cvs] [MidnightBSD/src] ddb546: Fix OpenSSL PKCS7 empty digest verification

Lucas Holt noreply at github.com
Wed Jul 1 13:53:12 EDT 2026


  Branch: refs/heads/stable/4.0
  Home:   https://github.com/MidnightBSD/src
  Commit: ddb5469c26d33103880e2fda1df02aebdc82515f
      https://github.com/MidnightBSD/src/commit/ddb5469c26d33103880e2fda1df02aebdc82515f
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2026-07-01 (Wed, 01 Jul 2026)

  Changed paths:
    M UPDATING
    M crypto/openssl/crypto/pkcs7/pk7_smime.c

  Log Message:
  -----------
  Fix OpenSSL PKCS7 empty digest verification

Reject signed PKCS#7 data with no digest algorithms before PKCS7_dataInit() can build a BIO chain from caller-owned input. This prevents the CVE-2026-45447 verification use-after-free case on stable/4.0.

AI-Assisted-by: OpenAI Codex



To unsubscribe from these emails, change your notification settings at https://github.com/MidnightBSD/src/settings/notifications


More information about the Midnightbsd-cvs mailing list