mirror of
https://git.yoctoproject.org/poky
synced 2026-04-26 09:32:14 +02:00
5e47346311
https://www.openssl.org/news/openssl-1.1.1-notes.html Major changes between OpenSSL 1.1.1u and OpenSSL 1.1.1v [1 Aug 2023] * Fix excessive time spent checking DH q parameter value (CVE-2023-3817) * Fix DH_check() excessive time with over sized modulus (CVE-2023-3446) Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [30 May 2023] * Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT IDENTIFIER sub-identities. (CVE-2023-2650) * Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466) * Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465) * Limited the number of nodes created in a policy tree ([CVE-2023-0464]) All CVEs for upgrade to 1.1.1u were already patched, so effectively this will apply patches for CVE-2023-3446 and CVE-2023-3817 plus several non-CVE fixes. Because of mips build changes were backported to openssl 1.1.1 branch, backport of a patch from kirkstone is necessary. (From OE-Core rev: be5d49d86553769deaf4754969d2cf6931d6ac34) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>