From patchwork Tue Jan 30 22:13:43 2024
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 7521
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH] openssl: Update to version 3.2.1
Date: Tue, 30 Jan 2024 23:13:43 +0100
Message-ID: <20240130221345.1710154-5-adolf.belka@ipfire.org>
In-Reply-To: <20240130221345.1710154-1-adolf.belka@ipfire.org>
References: <20240130221345.1710154-1-adolf.belka@ipfire.org>
List-Id: IPFire development talk

- Update from version 3.2.0 to 3.2.1
- Update of rootfile
- Changelog
    3.2.1
	This is a security patch release. The most severe CVE fixed in this
	 release is Low.
	This release incorporates the following bug fixes and mitigations:
	  * Fixed PKCS12 Decoding crashes ([CVE-2024-0727])
	  * Fixed excessive time spent checking invalid RSA public keys
	    ([CVE-2023-6237])
	  * Fixed POLY1305 MAC implementation corrupting vector registers on
	    PowerPC CPUs which support PowerISA 2.07 ([CVE-2023-6129])
	  * Fixed excessive time spent in DH check / generation with large Q
	    parameter value [(CVE-2023-5678)]

Signed-off-by: Adolf Belka
--- config/rootfiles/common/openssl | 69 +++++++++++++++++++++++++++++++++ lfs/openssl | 4 +- 2 files changed, 71 insertions(+), 2 deletions(-) diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/openssl index 118b15e85..a3664a521 100644 --- a/config/rootfiles/common/openssl +++ b/config/rootfiles/common/openssl 
@@ -329,6 +329,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man3/CMS_get1_ReceiptRequest.html #usr/share/doc/openssl/html/man3/CMS_sign.html #usr/share/doc/openssl/html/man3/CMS_sign_receipt.html +#usr/share/doc/openssl/html/man3/CMS_signed_get_attr.html #usr/share/doc/openssl/html/man3/CMS_uncompress.html #usr/share/doc/openssl/html/man3/CMS_verify.html #usr/share/doc/openssl/html/man3/CMS_verify_receipt.html @@ -431,6 +432,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man3/EVP_PKEY_encapsulate.html #usr/share/doc/openssl/html/man3/EVP_PKEY_encrypt.html #usr/share/doc/openssl/html/man3/EVP_PKEY_fromdata.html +#usr/share/doc/openssl/html/man3/EVP_PKEY_get_attr.html #usr/share/doc/openssl/html/man3/EVP_PKEY_get_default_digest_nid.html #usr/share/doc/openssl/html/man3/EVP_PKEY_get_field_type.html #usr/share/doc/openssl/html/man3/EVP_PKEY_get_group_name.html @@ -812,6 +814,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man3/X509V3_get_d2i.html #usr/share/doc/openssl/html/man3/X509V3_set_ctx.html #usr/share/doc/openssl/html/man3/X509_ALGOR_dup.html +#usr/share/doc/openssl/html/man3/X509_ATTRIBUTE.html #usr/share/doc/openssl/html/man3/X509_CRL_get0_by_serial.html #usr/share/doc/openssl/html/man3/X509_EXTENSION_set_object.html #usr/share/doc/openssl/html/man3/X509_LOOKUP.html @@ -823,6 +826,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man3/X509_NAME_get_index_by_NID.html #usr/share/doc/openssl/html/man3/X509_NAME_print_ex.html #usr/share/doc/openssl/html/man3/X509_PUBKEY_new.html +#usr/share/doc/openssl/html/man3/X509_REQ_get_attr.html #usr/share/doc/openssl/html/man3/X509_REQ_get_extensions.html #usr/share/doc/openssl/html/man3/X509_SIG_get0.html #usr/share/doc/openssl/html/man3/X509_STORE_CTX_get_by_subject.html 
@@ -1812,7 +1816,27 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/CMS_sign.3ossl #usr/share/man/man3/CMS_sign_ex.3ossl #usr/share/man/man3/CMS_sign_receipt.3ossl +#usr/share/man/man3/CMS_signed_add1_attr.3ossl +#usr/share/man/man3/CMS_signed_add1_attr_by_NID.3ossl +#usr/share/man/man3/CMS_signed_add1_attr_by_OBJ.3ossl +#usr/share/man/man3/CMS_signed_add1_attr_by_txt.3ossl +#usr/share/man/man3/CMS_signed_delete_attr.3ossl +#usr/share/man/man3/CMS_signed_get0_data_by_OBJ.3ossl +#usr/share/man/man3/CMS_signed_get_attr.3ossl +#usr/share/man/man3/CMS_signed_get_attr_by_NID.3ossl +#usr/share/man/man3/CMS_signed_get_attr_by_OBJ.3ossl +#usr/share/man/man3/CMS_signed_get_attr_count.3ossl #usr/share/man/man3/CMS_uncompress.3ossl +#usr/share/man/man3/CMS_unsigned_add1_attr.3ossl +#usr/share/man/man3/CMS_unsigned_add1_attr_by_NID.3ossl +#usr/share/man/man3/CMS_unsigned_add1_attr_by_OBJ.3ossl +#usr/share/man/man3/CMS_unsigned_add1_attr_by_txt.3ossl +#usr/share/man/man3/CMS_unsigned_delete_attr.3ossl +#usr/share/man/man3/CMS_unsigned_get0_data_by_OBJ.3ossl +#usr/share/man/man3/CMS_unsigned_get_attr.3ossl +#usr/share/man/man3/CMS_unsigned_get_attr_by_NID.3ossl +#usr/share/man/man3/CMS_unsigned_get_attr_by_OBJ.3ossl +#usr/share/man/man3/CMS_unsigned_get_attr_count.3ossl #usr/share/man/man3/CMS_verify.3ossl #usr/share/man/man3/CMS_verify_receipt.3ossl #usr/share/man/man3/COMP_CTX_free.3ossl @@ -2881,6 +2905,10 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/EVP_PKEY_CTX_settable_params.3ossl #usr/share/man/man3/EVP_PKEY_METHOD.3ossl #usr/share/man/man3/EVP_PKEY_Q_keygen.3ossl +#usr/share/man/man3/EVP_PKEY_add1_attr.3ossl +#usr/share/man/man3/EVP_PKEY_add1_attr_by_NID.3ossl +#usr/share/man/man3/EVP_PKEY_add1_attr_by_OBJ.3ossl +#usr/share/man/man3/EVP_PKEY_add1_attr_by_txt.3ossl #usr/share/man/man3/EVP_PKEY_asn1_add0.3ossl #usr/share/man/man3/EVP_PKEY_asn1_add_alias.3ossl #usr/share/man/man3/EVP_PKEY_asn1_copy.3ossl 
@@ -2926,6 +2954,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/EVP_PKEY_decrypt.3ossl #usr/share/man/man3/EVP_PKEY_decrypt_init.3ossl #usr/share/man/man3/EVP_PKEY_decrypt_init_ex.3ossl +#usr/share/man/man3/EVP_PKEY_delete_attr.3ossl #usr/share/man/man3/EVP_PKEY_derive.3ossl #usr/share/man/man3/EVP_PKEY_derive_init.3ossl #usr/share/man/man3/EVP_PKEY_derive_init_ex.3ossl @@ -2965,6 +2994,10 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/EVP_PKEY_get1_RSA.3ossl #usr/share/man/man3/EVP_PKEY_get1_encoded_public_key.3ossl #usr/share/man/man3/EVP_PKEY_get1_tls_encodedpoint.3ossl +#usr/share/man/man3/EVP_PKEY_get_attr.3ossl +#usr/share/man/man3/EVP_PKEY_get_attr_by_NID.3ossl +#usr/share/man/man3/EVP_PKEY_get_attr_by_OBJ.3ossl +#usr/share/man/man3/EVP_PKEY_get_attr_count.3ossl #usr/share/man/man3/EVP_PKEY_get_base_id.3ossl #usr/share/man/man3/EVP_PKEY_get_bits.3ossl #usr/share/man/man3/EVP_PKEY_get_bn_param.3ossl @@ -3558,13 +3591,16 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/OPENSSL_LH_error.3ossl #usr/share/man/man3/OPENSSL_LH_flush.3ossl #usr/share/man/man3/OPENSSL_LH_free.3ossl +#usr/share/man/man3/OPENSSL_LH_get_down_load.3ossl #usr/share/man/man3/OPENSSL_LH_insert.3ossl #usr/share/man/man3/OPENSSL_LH_new.3ossl #usr/share/man/man3/OPENSSL_LH_node_stats.3ossl #usr/share/man/man3/OPENSSL_LH_node_stats_bio.3ossl #usr/share/man/man3/OPENSSL_LH_node_usage_stats.3ossl #usr/share/man/man3/OPENSSL_LH_node_usage_stats_bio.3ossl +#usr/share/man/man3/OPENSSL_LH_num_items.3ossl #usr/share/man/man3/OPENSSL_LH_retrieve.3ossl +#usr/share/man/man3/OPENSSL_LH_set_down_load.3ossl #usr/share/man/man3/OPENSSL_LH_stats.3ossl #usr/share/man/man3/OPENSSL_LH_stats_bio.3ossl #usr/share/man/man3/OPENSSL_LINE.3ossl 
@@ -5669,9 +5705,20 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/X509_ALGOR_new.3ossl #usr/share/man/man3/X509_ALGOR_set0.3ossl #usr/share/man/man3/X509_ALGOR_set_md.3ossl +#usr/share/man/man3/X509_ATTRIBUTE.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_count.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_create.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_create_by_NID.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_create_by_OBJ.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_create_by_txt.3ossl #usr/share/man/man3/X509_ATTRIBUTE_dup.3ossl #usr/share/man/man3/X509_ATTRIBUTE_free.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_get0_data.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_get0_object.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_get0_type.3ossl #usr/share/man/man3/X509_ATTRIBUTE_new.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_set1_data.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_set1_object.3ossl #usr/share/man/man3/X509_CERT_AUX_free.3ossl #usr/share/man/man3/X509_CERT_AUX_new.3ossl #usr/share/man/man3/X509_CINF_free.3ossl @@ -5826,9 +5873,14 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/X509_PUBKEY_set0_public_key.3ossl #usr/share/man/man3/X509_REQ_INFO_free.3ossl #usr/share/man/man3/X509_REQ_INFO_new.3ossl +#usr/share/man/man3/X509_REQ_add1_attr.3ossl +#usr/share/man/man3/X509_REQ_add1_attr_by_NID.3ossl +#usr/share/man/man3/X509_REQ_add1_attr_by_OBJ.3ossl +#usr/share/man/man3/X509_REQ_add1_attr_by_txt.3ossl #usr/share/man/man3/X509_REQ_add_extensions.3ossl #usr/share/man/man3/X509_REQ_add_extensions_nid.3ossl #usr/share/man/man3/X509_REQ_check_private_key.3ossl +#usr/share/man/man3/X509_REQ_delete_attr.3ossl #usr/share/man/man3/X509_REQ_digest.3ossl #usr/share/man/man3/X509_REQ_dup.3ossl #usr/share/man/man3/X509_REQ_free.3ossl 
@@ -5836,6 +5888,10 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/X509_REQ_get0_pubkey.3ossl #usr/share/man/man3/X509_REQ_get0_signature.3ossl #usr/share/man/man3/X509_REQ_get_X509_PUBKEY.3ossl +#usr/share/man/man3/X509_REQ_get_attr.3ossl +#usr/share/man/man3/X509_REQ_get_attr_by_NID.3ossl +#usr/share/man/man3/X509_REQ_get_attr_by_OBJ.3ossl +#usr/share/man/man3/X509_REQ_get_attr_count.3ossl #usr/share/man/man3/X509_REQ_get_extensions.3ossl #usr/share/man/man3/X509_REQ_get_pubkey.3ossl #usr/share/man/man3/X509_REQ_get_signature_nid.3ossl @@ -6126,6 +6182,16 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/X509_verify.3ossl #usr/share/man/man3/X509_verify_cert.3ossl #usr/share/man/man3/X509_verify_cert_error_string.3ossl +#usr/share/man/man3/X509at_add1_attr.3ossl +#usr/share/man/man3/X509at_add1_attr_by_NID.3ossl +#usr/share/man/man3/X509at_add1_attr_by_OBJ.3ossl +#usr/share/man/man3/X509at_add1_attr_by_txt.3ossl +#usr/share/man/man3/X509at_delete_attr.3ossl +#usr/share/man/man3/X509at_get0_data_by_OBJ.3ossl +#usr/share/man/man3/X509at_get_attr.3ossl +#usr/share/man/man3/X509at_get_attr_by_NID.3ossl +#usr/share/man/man3/X509at_get_attr_by_OBJ.3ossl +#usr/share/man/man3/X509at_get_attr_count.3ossl #usr/share/man/man3/X509v3_add_ext.3ossl #usr/share/man/man3/X509v3_delete_ext.3ossl #usr/share/man/man3/X509v3_get_ext.3ossl @@ -6598,9 +6664,12 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/lh_TYPE_error.3ossl #usr/share/man/man3/lh_TYPE_flush.3ossl #usr/share/man/man3/lh_TYPE_free.3ossl +#usr/share/man/man3/lh_TYPE_get_down_load.3ossl #usr/share/man/man3/lh_TYPE_insert.3ossl #usr/share/man/man3/lh_TYPE_new.3ossl +#usr/share/man/man3/lh_TYPE_num_items.3ossl #usr/share/man/man3/lh_TYPE_retrieve.3ossl +#usr/share/man/man3/lh_TYPE_set_down_load.3ossl #usr/share/man/man3/o2i_SCT.3ossl #usr/share/man/man3/o2i_SCT_LIST.3ossl #usr/share/man/man3/pem_password_cb.3ossl diff --git a/lfs/openssl b/lfs/openssl index 2a9de717a..695035742 100644 --- a/lfs/openssl 
+++ b/lfs/openssl @@ -24,7 +24,7 @@ include Config -VER = 3.2.0 +VER = 3.2.1 THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -72,7 +72,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 776123929796d2eb0f3974bf6ee3a55df9187231632837576bf5ded7b5917f052683cdfc756693c1bee6fe1ffc7c3cb1ebcf833018d3caf51886f4f4e7a495f1 +$(DL_FILE)_BLAKE2 = 960222e0305166160e5ab000e29650b92063bf726551ee9ad46060166d99738d1e3a5b86fd28b14c8f4fb3a72f5aa70850defb87c02990acff3dbcbdac40b347 install : $(TARGET)
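Review bot: every line added in the config/rootfiles/common/openssl hunks is a commented-out documentation path with a leading `#` (for example `+#usr/share/man/man3/X509at_add1_attr.3ossl`), yet the commit message only says "Update of rootfile". Suggest stating there that the 69 insertions are HTML and man3 pages that stay excluded, and that no uncommented path is added or removed in these hunks, so someone reviewing a security update can confirm quickly that the installed file set is unchanged.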
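Review bot: the `$(DL_FILE)_BLAKE2` line in the second lfs/openssl hunk swaps the pinned digest for a new value, and neither the patch nor the commit message says how that value was obtained. Suggest adding a line to the commit message that the digest was computed from a tarball checked against the upstream release signature or published checksum, because this value is what pins the source archive fetched for `VER = 3.2.1` and a reviewer cannot validate it from the diff alone.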