From patchwork Fri Nov 18 22:51:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 6138 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4NDX8Y0P14z3wgd for ; Fri, 18 Nov 2022 22:51:41 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4NDX8X3q6Wz2Nc; Fri, 18 Nov 2022 22:51:40 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4NDX8X3Bygz2xlg; Fri, 18 Nov 2022 22:51:40 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4NDX8W0qZHz2xHD for ; Fri, 18 Nov 2022 22:51:39 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4NDX8V4z4bz19J; Fri, 18 Nov 2022 22:51:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1668811898; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=XZttE/SIRm0B0BqU5jT3fXqvQEihNN3moWKj+vrp/0U=; b=gkYVJx4Hasr6TsNeu6VgTrsk3uDzmNNE0QWxgwAE4mbny1VrKMK8o3l2cIqQfrOekjHJWj yhUI9gmNy/WprU3oy9CYVraMr2J04EqcFBCvVZ/yAbIia64nfdRE1tpiWarBWXJLKapb/c NNKwe+ECdjsDDUOjoOrg06IEwRmtNZ6KI/rz4rIXLyv48bGQY0qmqVS3YaMFoS/2tHcMnr m615EiMgWAHQoh5HZaw8WrQiecn1r1onL+oW2q+0/f2stbiNs/AOLR9FNxMm4YzOx282ZX aaT1pt2E9S6OS3/k2+FBMp9gnrSFUA+jq5ijkG0PLcli7ffU6+X4zu+5KUiOLw== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1668811898; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=XZttE/SIRm0B0BqU5jT3fXqvQEihNN3moWKj+vrp/0U=; b=dUsyOq+Wq9GmMYu1TSQxuxjBBDOnzNgyLf5vIltYqA9EiDeTd91yKJ6LJj/tXZDwoihFft IQWTBBQ3fZ7zvKCg== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] openssl: Update to version 1.1.1s Date: Fri, 18 Nov 2022 23:51:36 +0100 Message-Id: <20221118225136.1361926-1-adolf.belka@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - Update from version 1.1.1q to 1.1.1s - Update of rootfile - Changelog Changes between 1.1.1r and 1.1.1s [1 Nov 2022] *) Fixed a regression introduced in 1.1.1r version not refreshing the certificate data to be signed before signing the certificate. Changes between 1.1.1q and 1.1.1r [11 Oct 2022] *) Fixed the linux-mips64 Configure target which was missing the SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that platform. *) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was causing incorrect results in some cases as a result. *) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to report correct results in some cases *) Fixed a regression introduced in 1.1.1o for re-signing certificates with different key sizes *) Added the loongarch64 target *) Fixed a DRBG seed propagation thread safety issue *) Fixed a memory leak in tls13_generate_secret *) Fixed reported performance degradation on aarch64. Restored the implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode") for 64bit targets only, since it is reportedly 2-17% slower and the silicon errata only affects 32bit targets. The new algorithm is still used for 32 bit targets. *) Added a missing header for memcmp that caused compilation failure on some platforms Signed-off-by: Adolf Belka Reviewed-by: Michael Tremer --- config/rootfiles/common/openssl | 4 ++++ lfs/openssl | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/openssl index bb7e6f65c..ea672ffac 100644 --- a/config/rootfiles/common/openssl +++ b/config/rootfiles/common/openssl @@ -2329,6 +2329,8 @@ usr/lib/libssl.so.1.1 #usr/share/doc/openssl/html/man3/PKCS7_SIGNER_INFO_new.html #usr/share/doc/openssl/html/man3/PKCS7_SIGN_ENVELOPE_free.html #usr/share/doc/openssl/html/man3/PKCS7_SIGN_ENVELOPE_new.html +#usr/share/doc/openssl/html/man3/PKCS7_add_certificate.html +#usr/share/doc/openssl/html/man3/PKCS7_add_crl.html #usr/share/doc/openssl/html/man3/PKCS7_decrypt.html #usr/share/doc/openssl/html/man3/PKCS7_dup.html #usr/share/doc/openssl/html/man3/PKCS7_encrypt.html @@ -6314,6 +6316,8 @@ usr/lib/libssl.so.1.1 #usr/share/man/man3/PKCS7_SIGNER_INFO_new.3 #usr/share/man/man3/PKCS7_SIGN_ENVELOPE_free.3 #usr/share/man/man3/PKCS7_SIGN_ENVELOPE_new.3 +#usr/share/man/man3/PKCS7_add_certificate.3 +#usr/share/man/man3/PKCS7_add_crl.3 #usr/share/man/man3/PKCS7_decrypt.3 #usr/share/man/man3/PKCS7_dup.3 #usr/share/man/man3/PKCS7_encrypt.3 diff --git a/lfs/openssl b/lfs/openssl index 28a92a6b3..d456577fa 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -24,7 +24,7 @@ include Config -VER = 1.1.1q +VER = 1.1.1s THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -74,7 +74,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = fc8fd6a62dc291d0bda328a051e253175fb04442cc4b8f45d67c3a5027748a0fc5fb372d0483bc9024ae0bff119c4fac8f1e982a182612427696d6d09f5935f5 +$(DL_FILE)_BLAKE2 = ecd19eaf84dbc80448b51651abe52a89cc0052f024537959c4ebe61528988f235d661244fce6967159a876dd038c817bad19df742e828ca1cbae97ce6a4124bb install : $(TARGET)