diff --git a/CHANGES b/CHANGES index 08e97ba61a2fe791fbf7a91ce5eb8bf7719f584b..80878c99cbbe675d00fabf5428b2c2ea0fdad41f 100644 --- a/CHANGES +++ b/CHANGES @@ -7,9 +7,21 @@ https://github.com/openssl/openssl/commits/ and pick the appropriate release branch. - Changes between 1.1.1w and 1.1.1x [xx XXX xxxx] + Changes between 1.1.1w and 1.1.1ea [8 Nov 2023] - *) + *) Make DH_check_pub_key() and DH_generate_key() safer yet + + We already check for an excessively large P in DH_generate_key(), but not in + DH_check_pub_key(), and none of them check for an excessively large Q. + + This change adds all the missing excessive size checks of P and Q. + + It's to be noted that behaviours surrounding excessively sized P and Q + differ. DH_check() raises an error on the excessively sized P, but only + sets a flag for the excessively sized Q. This behaviour is mimicked in + DH_check_pub_key(). + + Fix CVE-2023-5678 Changes between 1.1.1v and 1.1.1w [11 Sep 2023] diff --git a/NEWS b/NEWS index 836aede8e5be4fadff0e6bdaa6ffc1895eacdace..dae0fbba2fdd09ca7bbd84d65892ae5f63546738 100644 --- a/NEWS +++ b/NEWS @@ -5,9 +5,9 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. - Major changes between OpenSSL 1.1.1w and OpenSSL 1.1.1x [under development] + Major changes between OpenSSL 1.1.1w and OpenSSL 1.1.1ea [8 Nov 2023] - o + o Make DH_check_pub_key() and DH_generate_key() safer yet (CVE-2023-5678) Major changes between OpenSSL 1.1.1v and OpenSSL 1.1.1w [11 Sep 2023] diff --git a/README b/README index 8c47d7aa39fcc055112860fe7b6c8b134f51c5ed..b289f08fe5736ffaf65a2839ccd4cb6458374c06 100644 --- a/README +++ b/README @@ -1,5 +1,5 @@ - OpenSSL 1.1.1x-dev + OpenSSL 1.1.1ea 8 Nov 2023 Copyright (c) 1998-2023 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson 
diff --git a/include/openssl/opensslv.h b/include/openssl/opensslv.h
index d2c0aaf27700fac1d42aca7af1013e710e3d4ed0..b3e73713b6f0609a209f1e221832a165ddc194ee 100644
--- a/include/openssl/opensslv.h
+++ b/include/openssl/opensslv.h
@@ -39,8 +39,8 @@ extern "C" {
 * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
 * major minor fix final patch/beta)
 */
-# define OPENSSL_VERSION_NUMBER 0x10101180L
-# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1x-dev xx XXX xxxx"
+# define OPENSSL_VERSION_NUMBER 0x1010180fL
+# define OPENSSL_VERSION_TEXT "OpenSSL 1.1.1ea 8 Nov 2023"
 /*-
 * The macros below are to be used for shared library (.so, .dll, ...)
diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
index 16395eeaf162d3c0b07fbb45ecee1061856f3c69..f816e2f166b6956fefd2ea81bb7cfa0ca9db659f 100644
--- a/test/recipes/01-test_symbol_presence.t
+++ b/test/recipes/01-test_symbol_presence.t
@@ -63,7 +63,7 @@ foreach my $libname (@libnames) {
 # Drop the first space and everything following it
 s| .*||;
 # Drop OpenSSL dynamic version information if there is any
- s|\@\@OPENSSL_[0-9._]+[a-z]?$||;
+ s|\@\@OPENSSL_[0-9._]+[a-z]{0,2}$||;
 # Return the result
 $_
 }
diff --git a/util/libcrypto.num b/util/libcrypto.num
index d4e30117930966af7cbce3d5e39cefc3d023ed5f..4d6cd12a8a5b09d91a77324b4f35578109b64e3c 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4591,11 +4591,11 @@ X509_ALGOR_copy 4544 1_1_1h EXIST::FUNCTION:
 X509_REQ_set0_signature 4545 1_1_1h EXIST::FUNCTION:
 X509_REQ_set1_signature_algo 4546 1_1_1h EXIST::FUNCTION:
 EC_KEY_decoded_from_explicit_params 4547 1_1_1h EXIST::FUNCTION:EC
-EVP_sm4_xts 4548 1_1_1x EXIST::FUNCTION:SM4
-CRYPTO_xts128gb_encrypt 4549 1_1_1x EXIST::FUNCTION:
-X509_set0_sm2_id 4550 1_1_1x EXIST::FUNCTION:SM2
-X509_get0_sm2_id 4551 1_1_1x EXIST::FUNCTION:SM2
-X509_REQ_get0_sm2_id 4552 1_1_1x EXIST::FUNCTION:SM2
-X509_REQ_set0_sm2_id 4553 1_1_1x EXIST::FUNCTION:SM2
-EVP_PKEY_is_sm2 4554 1_1_1x EXIST::FUNCTION:SM2
-SM2_compute_key 4555 1_1_1x EXIST::FUNCTION:SM2
+EVP_sm4_xts 4548 1_1_1ea EXIST::FUNCTION:SM4
+CRYPTO_xts128gb_encrypt 4549 1_1_1ea EXIST::FUNCTION:
+X509_set0_sm2_id 4550 1_1_1ea EXIST::FUNCTION:SM2
+X509_get0_sm2_id 4551 1_1_1ea EXIST::FUNCTION:SM2
+X509_REQ_get0_sm2_id 4552 1_1_1ea EXIST::FUNCTION:SM2
+X509_REQ_set0_sm2_id 4553 1_1_1ea EXIST::FUNCTION:SM2
+EVP_PKEY_is_sm2 4554 1_1_1ea EXIST::FUNCTION:SM2
+SM2_compute_key 4555 1_1_1ea EXIST::FUNCTION:SM2
diff --git a/util/mkdef.pl b/util/mkdef.pl
index 2486412f772272150d3795974f96f3c94df143de..92928e4c3764f4c578510150b69727425bcc99ad 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -1516,6 +1516,17 @@ sub get_next_version()
 my ($base, $letter) = $thisversion =~ /^(\d_\d_\d)([a-z]{0,2})$/;
+ if ($thisversion eq "1_1_1w") {
+ return "1_1_1"."ea";
+ }
+ if ((length $letter) > 1) {
+ my $baseletter = "";
+ my $endletter;
+ ($baseletter, $endletter) = $letter =~ /([a-z]+)([a-z])/;
+ if ($baseletter eq "e") {
+ return "1_1_1".$baseletter.(++$endletter);
+ }
+ }
 if ($letter eq "zz") {
 my $lastnum = substr($base, -1);
 return substr($base, 0, length($base)-1).(++$lastnum);
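Review bot: The new two-letter branch in get_next_version() can return a version string that this function can no longer parse. For `1_1_1ez`, `++$endletter` uses Perl's string increment and turns `z` into `aa`, so the result is `1_1_1eaa`; that fails `/^(\d_\d_\d)([a-z]{0,2})$/` on the next call and would also not be stripped by the `[a-z]{0,2}` pattern added in test/recipes/01-test_symbol_presence.t. A guard before the inner return, `die "no version letter left after $thisversion\n" if $endletter eq "z";`, would make the exhaustion fail loudly instead of producing a bad symbol version. The branch also hard-codes `"1_1_1"` where `$base` is already captured, and the inner match is unanchored; `/^([a-z])([a-z])$/` with `return $base.$baseletter.(++$endletter);` states the intent. The function starts and ends outside this hunk, so how callers handle an unparsable version is not visible here.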