Eneas U de Queiroz b6cbab1ad7 openssl: fix CVE-2023-464 and CVE-2023-465 ... Apply two patches fixing low-severity vulnerabilities related to certificate policies validation: - Excessive Resource Usage Verifying X.509 Policy Constraints (CVE-2023-0464) Severity: Low A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. - Invalid certificate policies in leaf certificates are silently ignored (CVE-2023-0465) Severity: Low Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Note: OpenSSL also released a fix for low-severity security advisory CVE-2023-466. It is not included here because the fix only changes the documentation, which is not built nor included in any OpenWrt package. Due to the low-severity of these issues, there will be not be an immediate new release of OpenSSL. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>		2023-04-17 12:05:29 -03:00
..
argp-standalone	argp-standalone: fix compilation with Alpine Linux	2022-03-16 17:58:24 +01:00
elfutils	elfutils: Add missing musl-fts dependency	2022-01-07 20:50:50 -08:00
gettext-full	gettext-full: add gmsgfmt symlink in host install	2022-04-05 00:20:24 +02:00
gmp
jansson
libaudit
libbsd
libcap	libcap: Update to version 2.63	2022-02-01 21:25:02 +01:00
libevent2
libiconv
libiconv-full
libjson-c
libmnl	libmnl: fix build when bash is not located at /bin/bash	2022-08-05 15:24:57 +02:00
libnetfilter-conntrack	libnetfilter-conntrack: backport patch fixing compilation with 5.15	2022-03-05 21:05:45 +01:00
libnfnetlink	libnfnetlink: update to 1.0.2	2022-04-10 16:26:01 +01:00
libnftnl	libnftnl: add package CPE ID	2022-10-23 14:21:03 +02:00
libnl
libnl-tiny
libpcap	libpcap: fix PKG_CONFIG_DEPENDS for rpcapd	2022-07-20 18:12:52 +02:00
libselinux	libselinux: add missing host-build dependency on libsepol/host	2022-04-10 16:26:01 +01:00
libsemanage
libsepol
libtool
libubox	libubox: update to the latest version	2022-06-07 21:36:58 +02:00
libunwind	libunwind: add ppc64 support	2021-12-21 21:37:05 +02:00
libusb	libusb: fix missing link	2022-06-25 00:05:21 +02:00
mbedtls	mbedtls: move source modification to patch	2023-01-18 23:39:11 +01:00
musl-fts	musl-fts: add host build	2022-04-11 23:17:55 +02:00
ncurses	ncurses: add package CPE ID	2022-10-23 14:21:03 +02:00
nettle
openssl	openssl: fix CVE-2023-464 and CVE-2023-465	2023-04-17 12:05:29 -03:00
pcre	pcre: disable shared libraries for host builds	2022-04-05 00:20:24 +02:00
popt
readline	readline: add host PIC	2022-04-17 21:47:11 +02:00
sysfsutils
toolchain	toolchain: reproducible libstdcpp	2022-04-06 13:59:44 +01:00
uclient	uclient: update to Git version 2023-04-13	2023-04-13 20:54:06 +02:00
ustream-ssl	treewide: Trigger reinstall of all wolfssl dependencies	2023-01-01 21:42:41 +01:00
wolfssl	wolfssl: update to 5.5.4-stable	2023-01-01 21:42:39 +01:00
zlib	zlib: backport null dereference fix	2022-08-09 08:12:46 +02:00