new file mode 100644
@@ -0,0 +1,82 @@
+From 0d16b7e99aafc0b4a6d729eec65a411a7e025f0a Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Tue, 21 Mar 2023 16:15:47 +0100
+Subject: [PATCH] Fix documentation of X509_VERIFY_PARAM_add0_policy()
+
+The function was incorrectly documented as enabling policy checking.
+
+Fixes: CVE-2023-0466
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/20564)
+
+CVE: CVE-2023-0466
+Upstream-Status: Backport [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a]
+Comment: Refreshed first hunk from CHANGE and NEWS
+Signed-off-by: Omkar Patil <omkar.patil@kpit.com>
+
+---
+ CHANGES | 5 +++++
+ NEWS | 1 +
+ doc/man3/X509_VERIFY_PARAM_set_flags.pod | 9 +++++++--
+ 3 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/CHANGES b/CHANGES
+index efccf7838e..b19f1429bb 100644
+--- a/CHANGES
++++ b/CHANGES
+@@ -9,6 +9,11 @@
+
+ Changes between 1.1.1s and 1.1.1t [7 Feb 2023]
+
++ *) Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention
++ that it does not enable policy checking. Thanks to
++ David Benjamin for discovering this issue. (CVE-2023-0466)
++ [Tomas Mraz]
++
+ *) Fixed X.400 address type confusion in X.509 GeneralName.
+
+ There is a type confusion vulnerability relating to X.400 address processing
+diff --git a/NEWS b/NEWS
+index 36a9bb6890..62615693fa 100644
+--- a/NEWS
++++ b/NEWS
+@@ -7,6 +7,7 @@
+
+ Major changes between OpenSSL 1.1.1s and OpenSSL 1.1.1t [7 Feb 2023]
+
++ o Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
+ o Fixed X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
+ o Fixed Use-after-free following BIO_new_NDEF (CVE-2023-0215)
+ o Fixed Double free after calling PEM_read_bio_ex (CVE-2022-4450)
+diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+index f6f304bf7b..aa292f9336 100644
+--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
++++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+@@ -92,8 +92,9 @@ B<trust>.
+ X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to
+ B<t>. Normally the current time is used.
+
+-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled
+-by default) and adds B<policy> to the acceptable policy set.
++X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set.
++Contrary to preexisting documentation of this function it does not enable
++policy checking.
+
+ X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled
+ by default) and sets the acceptable policy set to B<policies>. Any existing
+@@ -377,6 +378,10 @@ and has no effect.
+
+ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i.
+
++The function X509_VERIFY_PARAM_add0_policy() was historically documented as
++enabling policy checking however the implementation has never done this.
++The documentation was changed to align with the implementation.
++
+ =head1 COPYRIGHT
+
+ Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
+--
+2.34.1
+
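Review bot: The backported patch touches only CHANGES, NEWS and the POD page, so library behaviour is the same after it is applied, and the patch header does not say so. An application in the image that calls X509_VERIFY_PARAM_add0_policy() and expects that call to turn policy checking on still gets no policy checking; it has to use X509_VERIFY_PARAM_set1_policies() or set X509_V_FLAG_POLICY_CHECK through X509_VERIFY_PARAM_set_flags(). Because the `CVE:` tag will presumably make CVE tracking report this issue as patched, I would add a header line such as `Comment: Documentation-only fix, no code change; callers that need policy checking must enable it explicitly.` The refreshed CHANGES and NEWS hunks also file the entry under the 1.1.1t section dated 7 Feb 2023 although the patch itself is dated 21 Mar 2023, which is worth recording in the same comment.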
@@ -20,6 +20,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://reproducibility.patch \
file://CVE-2023-0464.patch \
file://CVE-2023-0465.patch \
+ file://CVE-2023-0466.patch \
"
SRC_URI_append_class-nativesdk = " \