diff options
| author | Peter Marko <peter.marko@siemens.com> | 2023-08-10 19:46:12 +0200 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2023-08-16 03:55:13 -1000 |
| commit | 5e47346311d9f14a0ca4c71d59963f25c0f2898d (patch) | |
| tree | 5ebaff9421f5e202d4396e6398c208ae6ac5805f /scripts/lib/recipetool/create.py | |
| parent | d76406934a99352fd715b4152e25294ca0f38016 (diff) | |
| download | poky-5e47346311d9f14a0ca4c71d59963f25c0f2898d.tar.gz | |
openssl: Upgrade 1.1.1t -> 1.1.1v
https://www.openssl.org/news/openssl-1.1.1-notes.html
Major changes between OpenSSL 1.1.1u and OpenSSL 1.1.1v [1 Aug 2023]
* Fix excessive time spent checking DH q parameter value (CVE-2023-3817)
* Fix DH_check() excessive time with over sized modulus (CVE-2023-3446)
Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [30 May 2023]
* Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT IDENTIFIER sub-identities. (CVE-2023-2650)
* Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
* Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465)
* Limited the number of nodes created in a policy tree ([CVE-2023-0464])
All CVEs for upgrade to 1.1.1u were already patched, so effectively
this will apply patches for CVE-2023-3446 and CVE-2023-3817 plus
several non-CVE fixes.
Because of mips build changes were backported to openssl 1.1.1 branch,
backport of a patch from kirkstone is necessary.
(From OE-Core rev: be5d49d86553769deaf4754969d2cf6931d6ac34)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'scripts/lib/recipetool/create.py')
0 files changed, 0 insertions, 0 deletions