git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit

author	Ed Tanous <edtanous@google.com>
	Fri, 4 Nov 2022 03:00:39 +0000 (17:00 -1000)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Fri, 4 Nov 2022 13:13:27 +0000 (13:13 +0000)
commit	78220bd59d98c1713336baf06b4babc6390a07c4
tree	7b9d54144718d06f7ec89fdcf1950d18b5d5978b	tree
parent	098e89e89eb58f7d0a6004d4672f3d7365c329dc	commit \| diff

openssl: Upgrade 3.0.5 -> 3.0.7

OpenSSL 3.0.5 includes a HIGH level security vulnerability [1].

Upgrade the recipe to point to 3.0.7.

CVE-2022-3358 is reported fixed in 3.0.6, so drop the patch for that as
well.

[1] https://www.openssl.org/news/vulnerabilities.html

Fixes CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows
https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/

Signed-off-by: Ed Tanous <edtanous@google.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a69ea1f7db96ec8b853573bd581438edd42ad6e0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-connectivity/openssl/openssl/CVE-2022-3358.patch	[deleted file]	blob \| blame \| history
meta/recipes-connectivity/openssl/openssl_3.0.7.bb	[moved from meta/recipes-connectivity/openssl/openssl_3.0.5.bb with 98% similarity]	diff \| blob \| blame \| history