diff options
| author | Michael Stahl <michael.stahl@allotropia.de> | 2023-02-08 12:36:16 +0100 |
|---|---|---|
| committer | Michael Stahl <michael.stahl@allotropia.de> | 2023-02-08 14:22:00 +0000 |
| commit | 80dd2ce29413809ca337618e313795bd9610cf80 (patch) | |
| tree | 154ee239a5578ca391b6e999b9425b89c1aae461 /external/openssl | |
| parent | 9ebba1d99457a1049c2f61ba15cd4c99a68d74e7 (diff) | |
openssl: upgrade to release 3.0.8
Fixes CVE-2023-0401 CVE-2023-0286 CVE-2023-0217 CVE-2023-0216
CVE-2023-0215 CVE-2022-4450 CVE-2022-4304 CVE-2022-4203 CVE-2022-3996
Remove the patch that fixed CVE-2022-3996.
Change-Id: I8587d780ea7dc07637278643dc1c49b577e3ae56
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/146657
Tested-by: Michael Stahl <michael.stahl@allotropia.de>
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Diffstat (limited to 'external/openssl')
| -rw-r--r-- | external/openssl/0001-x509-fix-double-locking-problem.patch.1 | 39 | ||||
| -rw-r--r-- | external/openssl/UnpackedTarball_openssl.mk | 1 | ||||
| -rw-r--r-- | external/openssl/system-cannot-find-path-for-move.patch.0 | 11 |
3 files changed, 0 insertions, 51 deletions
diff --git a/external/openssl/0001-x509-fix-double-locking-problem.patch.1 b/external/openssl/0001-x509-fix-double-locking-problem.patch.1 deleted file mode 100644 index ec289215e1a5..000000000000 --- a/external/openssl/0001-x509-fix-double-locking-problem.patch.1 +++ /dev/null @@ -1,39 +0,0 @@ -From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001 -From: Pauli <pauli@openssl.org> -Date: Fri, 11 Nov 2022 09:40:19 +1100 -Subject: [PATCH] x509: fix double locking problem - -This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the -redundant flag setting. - -Fixes #19643 - -Fixes LOW CVE-2022-3996 - -Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> -Reviewed-by: Tomas Mraz <tomas@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/19652) - -(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5) ---- - crypto/x509/pcy_map.c | 4 ---- - 1 file changed, 4 deletions(-) - -diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c -index 05406c6493..60dfd1e320 100644 ---- a/crypto/x509/pcy_map.c -+++ b/crypto/x509/pcy_map.c -@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) - - ret = 1; - bad_mapping: -- if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) { -- x->ex_flags |= EXFLAG_INVALID_POLICY; -- CRYPTO_THREAD_unlock(x->lock); -- } - sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free); - return ret; - --- -2.39.0 - diff --git a/external/openssl/UnpackedTarball_openssl.mk b/external/openssl/UnpackedTarball_openssl.mk index 7ee91bb43425..2a8f3bb3f905 100644 --- a/external/openssl/UnpackedTarball_openssl.mk +++ b/external/openssl/UnpackedTarball_openssl.mk @@ -12,7 +12,6 @@ $(eval $(call gb_UnpackedTarball_UnpackedTarball,openssl)) $(eval $(call gb_UnpackedTarball_set_tarball,openssl,$(OPENSSL_TARBALL),,openssl)) $(eval $(call gb_UnpackedTarball_add_patches,openssl,\ - external/openssl/0001-x509-fix-double-locking-problem.patch.1 \ external/openssl/openssl-no-multilib.patch.0 \ external/openssl/configurable-z-option.patch.0 \ external/openssl/openssl-no-ipc-cmd.patch.0 \ diff --git a/external/openssl/system-cannot-find-path-for-move.patch.0 b/external/openssl/system-cannot-find-path-for-move.patch.0 index 7d08dd636730..421d6b8df2be 100644 --- a/external/openssl/system-cannot-find-path-for-move.patch.0 +++ b/external/openssl/system-cannot-find-path-for-move.patch.0 @@ -1,16 +1,5 @@ --- Configurations/windows-makefile.tmpl 2022-09-09 15:18:35.849924899 +0100 +++ Configurations/windows-makefile.tmpl 2022-09-09 15:20:28.895825331 +0100 -@@ -777,8 +777,8 @@ - $target: "$gen0" $deps - cmd /C "set "ASM=\$(AS)" & $generator \$@.S" - \$(CPP) $incs $cppflags $defs \$@.S > \$@.i -- move /Y \$@.i \$@ -- del /Q \$@.S -+ mv -f \$@.i \$@ -+ rm -f \$@.S - EOF - } - # Otherwise.... @@ -790,7 +790,7 @@ return <<"EOF"; $target: "$gen0" $deps |