Skip to content
Commit be5d49d8 authored by Peter Marko's avatar Peter Marko Committed by Steve Sakoman
Browse files

openssl: Upgrade 1.1.1t -> 1.1.1v 

https://www.openssl.org/news/openssl-1.1.1-notes.html


Major changes between OpenSSL 1.1.1u and OpenSSL 1.1.1v [1 Aug 2023]
* Fix excessive time spent checking DH q parameter value (CVE-2023-3817)
* Fix DH_check() excessive time with over sized modulus (CVE-2023-3446)
Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [30 May 2023]
* Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT IDENTIFIER sub-identities. (CVE-2023-2650)
* Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
* Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465)
* Limited the number of nodes created in a policy tree ([CVE-2023-0464])

All CVEs for upgrade to 1.1.1u were already patched, so effectively
this will apply patches for CVE-2023-3446 and CVE-2023-3817 plus
several non-CVE fixes.

Because of mips build changes were backported to openssl 1.1.1 branch,
backport of a patch from kirkstone is necessary.

Signed-off-by: default avatarPeter Marko <peter.marko@siemens.com>
Signed-off-by: default avatarSteve Sakoman <steve@sakoman.com>
parent 9d509daf
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment