diff options
Diffstat (limited to 'poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch')
-rw-r--r-- | poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch | 50 |
1 files changed, 0 insertions, 50 deletions
diff --git a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch b/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch deleted file mode 100644 index a16bfe42ca..0000000000 --- a/poky/meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 51e8a84ce742db0f6c70510d0159dad8f7825908 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz <tomas@openssl.org> -Date: Tue, 21 Mar 2023 16:15:47 +0100 -Subject: [PATCH] Fix documentation of X509_VERIFY_PARAM_add0_policy() - -The function was incorrectly documented as enabling policy checking. - -Fixes: CVE-2023-0466 - -Reviewed-by: Matt Caswell <matt@openssl.org> -Reviewed-by: Paul Dale <pauli@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/20563) - -Upstream-Status: Backport from [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908] -CVE: CVE-2023-0466 -Signed-off-by: Siddharth Doshi <sdoshi@mvista.com> ---- - doc/man3/X509_VERIFY_PARAM_set_flags.pod | 9 +++++++-- - 1 file changed, 7 insertions(+), 2 deletions(-) - -diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod -index 75a1677..43c1900 100644 ---- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod -+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod -@@ -98,8 +98,9 @@ B<trust>. - X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to - B<t>. Normally the current time is used. - --X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled --by default) and adds B<policy> to the acceptable policy set. -+X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set. -+Contrary to preexisting documentation of this function it does not enable -+policy checking. - - X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled - by default) and sets the acceptable policy set to B<policies>. Any existing -@@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. - The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(), - and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0. - -+The function X509_VERIFY_PARAM_add0_policy() was historically documented as -+enabling policy checking however the implementation has never done this. -+The documentation was changed to align with the implementation. -+ - =head1 COPYRIGHT - - Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved. --- -2.35.7 - |