tlsdate: Patch Android fixes |
|||||||
Issue description
,
Jun 26 2017
I'm speculatively assigning Low severity here, please change if needed.
,
Oct 18 2017
,
Nov 7 2017
,
Jan 30 2018
I looked at the commits, are these actually security bugs? 5a3de fixes compilation on MIPS64?
,
Jan 30 2018
I don't think the various changes I made had security consequences, though the code was rather a mess. You would need them eventually if switching your OpenSSL 1.0.2 (due to be EOL at the end of 2019) to either BoringSSL or OpenSSL 1.1.0. Those being: https://android.googlesource.com/platform/external/tlsdate/+/c339766a51d2db711171cb704e30b7ae916a987f https://android.googlesource.com/platform/external/tlsdate/+/5a3de7f1137f650c5b4da38fcf3da3a00be905d2
,
Jan 31 2018
Yeah those are the two that I suggested merging. We should just do it.
,
Jan 31 2018
(Ah, hrm. For some reason your links have a %5E on them which is taking them to parent commits instead.)
,
Mar 7 2018
,
Apr 12 2018
Keeping this open for the eventual OpenSSL uprev but this is not currently actionable, and also not a security bug.
,
Jan 15
|
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by sheriffbot@chromium.org
, Jun 24 2017