Index: /branches/rel_apv_10_7/usr/click/lib/libopenssl-1.1.1/build.sh
===================================================================
--- /branches/rel_apv_10_7/usr/click/lib/libopenssl-1.1.1/build.sh	(revision 39829)
+++ /branches/rel_apv_10_7/usr/click/lib/libopenssl-1.1.1/build.sh	(working copy)
@@ -24,6 +24,7 @@
 PATCH20=openssl-1.1.1d-CVE-2022-4450.patch
 PATCH21=openssl-1.1.1d-CVE-2023-0215.patch
 PATCH22=openssl-1.1.1d-CVE-2023-0286.patch
+PATCH23=openssl-1.1.1d-CVE-2025-9230.patch
 if [ ! -d $OPENSSL_NAME ]
 then
 	tar -zxf $TAR_NAME
@@ -56,6 +57,7 @@
 	patch -p1 < ../$PATCH20
 	patch -p1 < ../$PATCH21
 	patch -p1 < ../$PATCH22
+        patch -p1 < ../$PATCH23
 
 	if [ -f "../../../../../is_zhaoxin" ]; then
 		patch -p1 < ../openssl-1.1.1d-bug102140.patch
Index: /branches/rel_apv_10_7/usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2025-9230.patch
===================================================================
--- /branches/rel_apv_10_7/usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2025-9230.patch	(revision 0)
+++ /branches/rel_apv_10_7/usr/click/lib/libopenssl-1.1.1/openssl-1.1.1d-CVE-2025-9230.patch	(working copy)
@@ -0,0 +1,11 @@
+--- a/crypto/cms/cms_pwri.c	2025-12-02 12:07:20.000000000 +0800
++++ b/crypto/cms/cms_pwri.c	2025-12-02 13:54:06.000000000 +0800
+@@ -215,7 +215,7 @@
+         /* Check byte failure */
+         goto err;
+     }
+-    if (inlen < (size_t)(tmp[0] - 4)) {
++    if (inlen < 4 + (size_t)tmp[0]) {
+         /* Invalid length value */
+         goto err;
+     }