From patchwork Fri Dec 1 17:01:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 7375 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4ShfVJ1M4xz3wtp for ; Fri, 1 Dec 2023 17:01:44 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4ShfVG1PVszxZ; Fri, 1 Dec 2023 17:01:42 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ShfVF6jwWz308y; Fri, 1 Dec 2023 17:01:41 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature ECDSA (secp384r1) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ShfTz2z6fz2xYk for ; Fri, 1 Dec 2023 17:01:27 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ShfTw4Qnczx5; Fri, 1 Dec 2023 17:01:24 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1701450084; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=7oWoNJuaHfI8biXrJT6wGbMFDjtHfg7CkFEde813prc=; b=+1rTxOHEBeeE/0hyhNQ2bXv+k7WvixuaX3dK+ya6H75OYqYl3Fv08Wz9WMmXA26QGGA23v L1fBNmI2bxoFJWBw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1701450084; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=7oWoNJuaHfI8biXrJT6wGbMFDjtHfg7CkFEde813prc=; b=qDgNzPgcFD6a+zZ8flP3cf8wySGQ9V5KowmmrVZ6e21eB5pa8oQEzsLOnQaVknZsYkfbK2 cxztzXpW8s6zGf1ey+WaEDwBJhXM/i9kkyx3RaidCfcBzvCBLpbT3Hj8qngNA6RJtP6vd5 BnTlYLj45EYbY/JKyQIiXotuLVKVNrqMIZkbi4Vq9urJKC3IZp8hhyRXqRDl3PBW6T6YOZ 3ansE0b3p/ogyuJQ5+zPNB5psIhm2IcTCBqM4r6qujjQhHi8cps0GfZ7fibSR9Vj1HTohF 5VDvh6k0g2fi3hcyvS2cBQBgkA4rqfvnRLyDLztpi6uSNqMCkOEHh+JYkbXsQw== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] openssl: Update to version 3.1.4 Date: Fri, 1 Dec 2023 18:01:20 +0100 Message-ID: <20231201170120.111421-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Message-ID-Hash: PJTIQHT5WU6FT4VDV43QP4LLQ25ELI44 X-Message-ID-Hash: PJTIQHT5WU6FT4VDV43QP4LLQ25ELI44 X-MailFrom: adolf.belka@ipfire.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.8 Precedence: list List-Id: IPFire development talk Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: - IPFire-3.x - Update from version 3.1.2 to 3.1.4 - Changelog 3.1.4 * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters that alter the key or IV length ([CVE-2023-5363]). 3.1.3 * Fix POLY1305 MAC implementation corrupting XMM registers on Windows. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However given the contents of the registers are just zeroized so the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. ([CVE-2023-4807]) Signed-off-by: Adolf Belka --- openssl/openssl.nm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openssl/openssl.nm b/openssl/openssl.nm index 6d5d21863..19214a8e9 100644 --- a/openssl/openssl.nm +++ b/openssl/openssl.nm @@ -4,8 +4,8 @@ ############################################################################### name = openssl -version = 3.1.2 -release = 2 +version = 3.1.4 +release = 1 maintainer = Michael Tremer groups = System/Libraries