git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit

author	Tim Orling <ticotimo@gmail.com>
	Tue, 30 May 2023 19:20:39 +0000 (12:20 -0700)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Thu, 1 Jun 2023 07:04:14 +0000 (08:04 +0100)
commit	26ce9a5fd31c27812ce8784a398b600cc0e9aa80
tree	3b99d1d0cc23aa71fc71956268ee5f9e17fa5cd6	tree \| snapshot
parent	8d17776765a99a4ae327797206ef2a8a735ce87b	commit \| diff

openssl: upgrade 3.1.0 -> 3.1.1

* Drop CVE-2023-0464.patch (merged upstream).
* Refresh 0001-Configure-do-not-tweak-mips-cflags.patch

https://github.com/openssl/openssl/blob/openssl-3.1.1/NEWS.md

Major changes between OpenSSL 3.1.0 and OpenSSL 3.1.1 [30 May 2023]

* Mitigate for very slow OBJ_obj2txt() performance with gigantic OBJECT IDENTIFIER sub-identities. (CVE-2023-2650)
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms (CVE-2023-1255)
* Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
* Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465)
* Limited the number of nodes created in a policy tree (CVE-2023-0464)

Security Advisory:
https://www.openssl.org/news/secadv/20230530.txt

CVE: CVE-2023-2650
CVE: CVE-2023-1255
CVE: CVE-2023-0466
CVE: CVE-2023-0465
CVE: CVE-2023-0464

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-connectivity/openssl/openssl/0001-Configure-do-not-tweak-mips-cflags.patch		diff \| blob \| blame \| history
meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch	[deleted file]	blob \| blame \| history
meta/recipes-connectivity/openssl/openssl_3.1.1.bb	[moved from meta/recipes-connectivity/openssl/openssl_3.1.0.bb with 98% similarity]	diff \| blob \| blame \| history