git.openwrt.org Git - openwrt/openwrt.git/commit

author	Ivan Pavlov <AuthorReflex@gmail.com>
	Sun, 4 Jun 2023 19:34:39 +0000 (22:34 +0300)
committer	Hauke Mehrtens <hauke@hauke-m.de>
	Fri, 9 Jun 2023 11:33:27 +0000 (13:33 +0200)
commit	6348850f10545aac70db94d3a9555a4f2eb84281
tree	2e1eef69917c0c9814c847dc51b2815afde29353	tree \| snapshot
parent	75bf5b41a156badd0918d2b284d043d1c939f9bf	commit \| diff

openssl: update to 3.0.9

CVE-2023-2650 fix
Remove upstreamed patches

Major changes between OpenSSL 3.0.8 and OpenSSL 3.0.9 [30 May 2023]
* Mitigate for very slow OBJ_obj2txt() performance with gigantic OBJECT IDENTIFIER sub-identities. (CVE-2023-2650)
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms (CVE-2023-1255)
* Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
* Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465)
* Limited the number of nodes created in a policy tree (CVE-2023-0464)

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>

package/libs/openssl/Makefile		diff \| blob \| history
package/libs/openssl/patches/120-strip-cflags-from-binary.patch		diff \| blob \| history
package/libs/openssl/patches/200-x509-excessive-resource-use-verifying-policy-constra.patch	[deleted file]	blob \| history
package/libs/openssl/patches/210-Ensure-that-EXFLAG_INVALID_POLICY-is-checked-even-in.patch	[deleted file]	blob \| history
package/libs/openssl/patches/220-aesv8-armx.pl-Avoid-buffer-overrread-in-AES-XTS-decr.patch	[deleted file]	blob \| history