diff options
| -rw-r--r-- | download.lst | 4 | ||||
| -rw-r--r-- | external/openssl/0001-x509-fix-double-locking-problem.patch.1 | 39 | ||||
| -rw-r--r-- | external/openssl/UnpackedTarball_openssl.mk | 1 | ||||
| -rw-r--r-- | external/openssl/system-cannot-find-path-for-move.patch.0 | 11 |
4 files changed, 2 insertions, 53 deletions
diff --git a/download.lst b/download.lst index 923935f0e2ec..98a3ec4a9560 100644 --- a/download.lst +++ b/download.lst @@ -477,8 +477,8 @@ OPENLDAP_TARBALL := openldap-2.4.59.tgz # three static lines # so that git cherry-pick # will not run into conflicts -OPENSSL_SHA256SUM := 83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e -OPENSSL_TARBALL := openssl-3.0.7.tar.gz +OPENSSL_SHA256SUM := 6c13d2bf38fdf31eac3ce2a347073673f5d63263398f1f69d0df4a41253e4b3e +OPENSSL_TARBALL := openssl-3.0.8.tar.gz # three static lines # so that git cherry-pick # will not run into conflicts diff --git a/external/openssl/0001-x509-fix-double-locking-problem.patch.1 b/external/openssl/0001-x509-fix-double-locking-problem.patch.1 deleted file mode 100644 index ec289215e1a5..000000000000 --- a/external/openssl/0001-x509-fix-double-locking-problem.patch.1 +++ /dev/null @@ -1,39 +0,0 @@ -From 7725e7bfe6f2ce8146b6552b44e0d226be7638e7 Mon Sep 17 00:00:00 2001 -From: Pauli <pauli@openssl.org> -Date: Fri, 11 Nov 2022 09:40:19 +1100 -Subject: [PATCH] x509: fix double locking problem - -This reverts commit 9aa4be691f5c73eb3c68606d824c104550c053f7 and removed the -redundant flag setting. - -Fixes #19643 - -Fixes LOW CVE-2022-3996 - -Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> -Reviewed-by: Tomas Mraz <tomas@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/19652) - -(cherry picked from commit 4d0340a6d2f327700a059f0b8f954d6160f8eef5) ---- - crypto/x509/pcy_map.c | 4 ---- - 1 file changed, 4 deletions(-) - -diff --git a/crypto/x509/pcy_map.c b/crypto/x509/pcy_map.c -index 05406c6493..60dfd1e320 100644 ---- a/crypto/x509/pcy_map.c -+++ b/crypto/x509/pcy_map.c -@@ -73,10 +73,6 @@ int ossl_policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps) - - ret = 1; - bad_mapping: -- if (ret == -1 && CRYPTO_THREAD_write_lock(x->lock)) { -- x->ex_flags |= EXFLAG_INVALID_POLICY; -- CRYPTO_THREAD_unlock(x->lock); -- } - sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free); - return ret; - --- -2.39.0 - diff --git a/external/openssl/UnpackedTarball_openssl.mk b/external/openssl/UnpackedTarball_openssl.mk index 7ee91bb43425..2a8f3bb3f905 100644 --- a/external/openssl/UnpackedTarball_openssl.mk +++ b/external/openssl/UnpackedTarball_openssl.mk @@ -12,7 +12,6 @@ $(eval $(call gb_UnpackedTarball_UnpackedTarball,openssl)) $(eval $(call gb_UnpackedTarball_set_tarball,openssl,$(OPENSSL_TARBALL),,openssl)) $(eval $(call gb_UnpackedTarball_add_patches,openssl,\ - external/openssl/0001-x509-fix-double-locking-problem.patch.1 \ external/openssl/openssl-no-multilib.patch.0 \ external/openssl/configurable-z-option.patch.0 \ external/openssl/openssl-no-ipc-cmd.patch.0 \ diff --git a/external/openssl/system-cannot-find-path-for-move.patch.0 b/external/openssl/system-cannot-find-path-for-move.patch.0 index 7d08dd636730..421d6b8df2be 100644 --- a/external/openssl/system-cannot-find-path-for-move.patch.0 +++ b/external/openssl/system-cannot-find-path-for-move.patch.0 @@ -1,16 +1,5 @@ --- Configurations/windows-makefile.tmpl 2022-09-09 15:18:35.849924899 +0100 +++ Configurations/windows-makefile.tmpl 2022-09-09 15:20:28.895825331 +0100 -@@ -777,8 +777,8 @@ - $target: "$gen0" $deps - cmd /C "set "ASM=\$(AS)" & $generator \$@.S" - \$(CPP) $incs $cppflags $defs \$@.S > \$@.i -- move /Y \$@.i \$@ -- del /Q \$@.S -+ mv -f \$@.i \$@ -+ rm -f \$@.S - EOF - } - # Otherwise.... @@ -790,7 +790,7 @@ return <<"EOF"; $target: "$gen0" $deps |