git.openwrt.org Git - openwrt/openwrt.git/commit

author	Ivan Pavlov <AuthorReflex@gmail.com>
	Sun, 4 Jun 2023 19:34:39 +0000 (22:34 +0300)
committer	Hauke Mehrtens <hauke@hauke-m.de>
	Fri, 9 Jun 2023 11:36:21 +0000 (13:36 +0200)
commit	e1d59497e9d0104388a58ceda770afcc087a6c37
tree	e04edbc99f3f6efc8dddebc2ec40f9f88730b741	tree \| snapshot
parent	c78ba8a69562fed73a409000a3d541ea7fa2a821	commit \| diff

openssl: update to 3.0.9

CVE-2023-2650 fix
Remove upstreamed patches

Major changes between OpenSSL 3.0.8 and OpenSSL 3.0.9 [30 May 2023]
* Mitigate for very slow OBJ_obj2txt() performance with gigantic OBJECT IDENTIFIER sub-identities. (CVE-2023-2650)
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms (CVE-2023-1255)
* Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
* Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465)
* Limited the number of nodes created in a policy tree (CVE-2023-0464)

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit 6348850f10545aac70db94d3a9555a4f2eb84281)

package/libs/openssl/Makefile		diff \| blob \| history
package/libs/openssl/patches/120-strip-cflags-from-binary.patch		diff \| blob \| history
package/libs/openssl/patches/200-x509-excessive-resource-use-verifying-policy-constra.patch	[deleted file]	blob \| history
package/libs/openssl/patches/210-Ensure-that-EXFLAG_INVALID_POLICY-is-checked-even-in.patch	[deleted file]	blob \| history
package/libs/openssl/patches/220-aesv8-armx.pl-Avoid-buffer-overrread-in-AES-XTS-decr.patch	[deleted file]	blob \| history