From patchwork Thu Jul  7 19:40:18 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adolf Belka <adolf.belka@ipfire.org>
X-Patchwork-Id: 5726
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
	 client-signature ECDSA (P-384) client-digest SHA384)
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4Lf6Fk5qgNz3xG6
	for <patchwork@web04.haj.ipfire.org>; Thu,  7 Jul 2022 19:40:26 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4Lf6Fj4g0Szhm;
	Thu,  7 Jul 2022 19:40:25 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4Lf6Fj4QMHz2y0C;
	Thu,  7 Jul 2022 19:40:25 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384))
 (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4Lf6Fg4553z2xHs
 for <development@lists.ipfire.org>; Thu,  7 Jul 2022 19:40:23 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (No client certificate requested)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4Lf6Fg0RXZzfP;
 Thu,  7 Jul 2022 19:40:23 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1657222823;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=CKcRBsCUNyeA+QZ/+BpGCWtRTvYzTsl5rduxJdY5G2U=;
 b=O6scm6nyEkil5VmKFsgs0O3D7moONbLGZrzFCzCq0HkYTPMQpROzBUWcPHTjZ4Z4E74oLS
 cSusOphKd+EinBAw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1657222823;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=CKcRBsCUNyeA+QZ/+BpGCWtRTvYzTsl5rduxJdY5G2U=;
 b=UJ/bAXcTxfcXLB7RT1beGLnfskIRva1LUo2/ZKU/OprB6Wsmyn9FOzFYxk8V8eqHz5h56o
 pg02BaO1aSBmUZ98ESN4+fW6cTDtJoFqaXVW/T5eSMMa9eAIfogLFvvKMl+nnZfPjqgCIG
 s1EAm5p4hjkZa+9docySROpYpfwv+Qsq9yeqLZb8E2by3/GWVHeMyyCOIQwBX4gry9Ac7D
 MKNV/UnQLtK8Di7J0+Thz4+CrXm5X3QdepSNtPk6Q/ayIOFcrgz7bmVjw6XzzkoCUND2RU
 HoMvo635LYcHwQF/rwlXqaHjibInI5eqClvJun5a4rLYjzeu3EVSMikSTST20g==
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] openssl: Update to version 1.1.1q
Date: Thu,  7 Jul 2022 21:40:18 +0200
Message-Id: <20220707194018.3571924-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

- Update from version 1.1.1p to 1.1.1q
- Update of rootfile not required
- Changelog
   Changes between 1.1.1p and 1.1.1q [5 Jul 2022]
     (CVE-2022-2097) Severity: Moderate
        AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
        implementation would not encrypt the entirety of the data under some
        circumstances.  This could reveal sixteen bytes of data that was
        preexisting in the memory that wasn't written.  In the special case of
        "in place" encryption, sixteen bytes of the plaintext would be revealed.
        Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
        they are both unaffected.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
---
 lfs/openssl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/openssl b/lfs/openssl
index 88f533323..28a92a6b3 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.1.1p
+VER        = 1.1.1q
 
 THISAPP    = openssl-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -74,7 +74,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 4354753a5e52393c9cc4569954c2cac6d89a1e204fa4f9ca00a60492782d29f8952fb92664cdbb3576c6443d3cb2eacebea51db584738589f3598b40df579b12
+$(DL_FILE)_BLAKE2 = fc8fd6a62dc291d0bda328a051e253175fb04442cc4b8f45d67c3a5027748a0fc5fb372d0483bc9024ae0bff119c4fac8f1e982a182612427696d6d09f5935f5
 
 install : $(TARGET)