diff options
Diffstat (limited to 'dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch')
| -rw-r--r-- | dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch | 41 |
1 files changed, 0 insertions, 41 deletions
diff --git a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch deleted file mode 100644 index 9a315f4..0000000 --- a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch +++ /dev/null @@ -1,41 +0,0 @@ -commit fc814a30fc4f0bc54fcea7d9a7462f5457aab061 -Author: Tomas Mraz <tomas@openssl.org> -Date: Tue Mar 21 16:15:47 2023 +0100 - - Fix documentation of X509_VERIFY_PARAM_add0_policy() - - The function was incorrectly documented as enabling policy checking. - - Fixes: CVE-2023-0466 - - Reviewed-by: Paul Dale <pauli@openssl.org> - Reviewed-by: Matt Caswell <matt@openssl.org> - (Merged from https://github.com/openssl/openssl/pull/20562) - -diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod -index 20aea99b5b..fcbbfc4c30 100644 ---- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod -+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod -@@ -98,8 +98,9 @@ B<trust>. - X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to - B<t>. Normally the current time is used. - --X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled --by default) and adds B<policy> to the acceptable policy set. -+X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set. -+Contrary to preexisting documentation of this function it does not enable -+policy checking. - - X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled - by default) and sets the acceptable policy set to B<policies>. Any existing -@@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. - The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(), - and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0. - -+The function X509_VERIFY_PARAM_add0_policy() was historically documented as -+enabling policy checking however the implementation has never done this. -+The documentation was changed to align with the implementation. -+ - =head1 COPYRIGHT - - Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved. |