mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-28 09:39:00 +00:00
e1d59497e9
CVE-2023-2650 fix
Remove upstreamed patches
Major changes between OpenSSL 3.0.8 and OpenSSL 3.0.9 [30 May 2023]
* Mitigate for very slow OBJ_obj2txt() performance with gigantic OBJECT IDENTIFIER sub-identities. (CVE-2023-2650)
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms (CVE-2023-1255)
* Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
* Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465)
* Limited the number of nodes created in a policy tree (CVE-2023-0464)
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit 6348850f10)
22 lines
909 B
Diff
22 lines
909 B
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
|
Date: Thu, 27 Sep 2018 08:31:38 -0300
|
|
Subject: Avoid exposing build directories
|
|
|
|
The CFLAGS contain the build directories, and are shown by calling
|
|
OpenSSL_version(OPENSSL_CFLAGS), or running openssl version -a
|
|
|
|
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
|
|
|
--- a/crypto/build.info
|
|
+++ b/crypto/build.info
|
|
@@ -111,7 +111,7 @@ DEFINE[../libcrypto]=$UPLINKDEF
|
|
|
|
DEPEND[info.o]=buildinf.h
|
|
DEPEND[cversion.o]=buildinf.h
|
|
-GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q)" "$(PLATFORM)"
|
|
+GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(filter-out -I% -iremap% -fmacro-prefix-map% -ffile-prefix-map%,$(CC) $(LIB_CFLAGS) $(CPPFLAGS_Q))" "$(PLATFORM)"
|
|
|
|
GENERATE[uplink-x86.S]=../ms/uplink-x86.pl
|
|
GENERATE[uplink-x86_64.s]=../ms/uplink-x86_64.pl
|