Message ID | 20231201170120.111421-1-adolf.belka@ipfire.org |
---|---|
State | Accepted |
Commit | 16e57320c765a023c7b480b0df2d9ce6fa28c4f3 |
Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4ShfVJ1M4xz3wtp for <patchwork@web04.haj.ipfire.org>; Fri, 1 Dec 2023 17:01:44 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4ShfVG1PVszxZ; Fri, 1 Dec 2023 17:01:42 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ShfVF6jwWz308y; Fri, 1 Dec 2023 17:01:41 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ShfTz2z6fz2xYk for <development@lists.ipfire.org>; Fri, 1 Dec 2023 17:01:27 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ShfTw4Qnczx5; Fri, 1 Dec 2023 17:01:24 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1701450084; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=7oWoNJuaHfI8biXrJT6wGbMFDjtHfg7CkFEde813prc=; b=+1rTxOHEBeeE/0hyhNQ2bXv+k7WvixuaX3dK+ya6H75OYqYl3Fv08Wz9WMmXA26QGGA23v L1fBNmI2bxoFJWBw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1701450084; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=7oWoNJuaHfI8biXrJT6wGbMFDjtHfg7CkFEde813prc=; b=qDgNzPgcFD6a+zZ8flP3cf8wySGQ9V5KowmmrVZ6e21eB5pa8oQEzsLOnQaVknZsYkfbK2 cxztzXpW8s6zGf1ey+WaEDwBJhXM/i9kkyx3RaidCfcBzvCBLpbT3Hj8qngNA6RJtP6vd5 BnTlYLj45EYbY/JKyQIiXotuLVKVNrqMIZkbi4Vq9urJKC3IZp8hhyRXqRDl3PBW6T6YOZ 3ansE0b3p/ogyuJQ5+zPNB5psIhm2IcTCBqM4r6qujjQhHi8cps0GfZ7fibSR9Vj1HTohF 5VDvh6k0g2fi3hcyvS2cBQBgkA4rqfvnRLyDLztpi6uSNqMCkOEHh+JYkbXsQw== From: Adolf Belka <adolf.belka@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] openssl: Update to version 3.1.4 Date: Fri, 1 Dec 2023 18:01:20 +0100 Message-ID: <20231201170120.111421-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: PJTIQHT5WU6FT4VDV43QP4LLQ25ELI44 X-Message-ID-Hash: PJTIQHT5WU6FT4VDV43QP4LLQ25ELI44 X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> Archived-At: <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/message/PJTIQHT5WU6FT4VDV43QP4LLQ25ELI44/> List-Archive: <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Owner: <mailto:development-owner@lists.ipfire.org> List-Post: <mailto:development@lists.ipfire.org> List-Subscribe: <mailto:development-join@lists.ipfire.org> List-Unsubscribe: <mailto:development-leave@lists.ipfire.org> |
Series |
openssl: Update to version 3.1.4
|
|
Commit Message
Adolf Belka
Dec. 1, 2023, 5:01 p.m. UTC
- IPFire-3.x
- Update from version 3.1.2 to 3.1.4
- Changelog
3.1.4
* Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(),
EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters
that alter the key or IV length ([CVE-2023-5363]).
3.1.3
* Fix POLY1305 MAC implementation corrupting XMM registers on Windows.
The POLY1305 MAC (message authentication code) implementation in OpenSSL
does not save the contents of non-volatile XMM registers on Windows 64
platform when calculating the MAC of data larger than 64 bytes. Before
returning to the caller all the XMM registers are set to zero rather than
restoring their previous content. The vulnerable code is used only on newer
x86_64 processors supporting the AVX512-IFMA instructions.
The consequences of this kind of internal application state corruption can
be various - from no consequences, if the calling application does not
depend on the contents of non-volatile XMM registers at all, to the worst
consequences, where the attacker could get complete control of the
application process. However given the contents of the registers are just
zeroized so the attacker cannot put arbitrary values inside, the most likely
consequence, if any, would be an incorrect result of some application
dependent calculations or a crash leading to a denial of service.
([CVE-2023-4807])
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
openssl/openssl.nm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/openssl/openssl.nm b/openssl/openssl.nm index 6d5d21863..19214a8e9 100644 --- a/openssl/openssl.nm +++ b/openssl/openssl.nm @@ -4,8 +4,8 @@ ############################################################################### name = openssl -version = 3.1.2 -release = 2 +version = 3.1.4 +release = 1 maintainer = Michael Tremer <michael.tremer@ipfire.org> groups = System/Libraries