From patchwork Fri Nov 18 22:51:36 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adolf Belka <adolf.belka@ipfire.org>
X-Patchwork-Id: 6138
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4NDX8Y0P14z3wgd
	for <patchwork@web04.haj.ipfire.org>; Fri, 18 Nov 2022 22:51:41 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4NDX8X3q6Wz2Nc;
	Fri, 18 Nov 2022 22:51:40 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4NDX8X3Bygz2xlg;
	Fri, 18 Nov 2022 22:51:40 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384))
 (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4NDX8W0qZHz2xHD
 for <development@lists.ipfire.org>; Fri, 18 Nov 2022 22:51:39 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (No client certificate requested)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4NDX8V4z4bz19J;
 Fri, 18 Nov 2022 22:51:38 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1668811898;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=XZttE/SIRm0B0BqU5jT3fXqvQEihNN3moWKj+vrp/0U=;
 b=gkYVJx4Hasr6TsNeu6VgTrsk3uDzmNNE0QWxgwAE4mbny1VrKMK8o3l2cIqQfrOekjHJWj
 yhUI9gmNy/WprU3oy9CYVraMr2J04EqcFBCvVZ/yAbIia64nfdRE1tpiWarBWXJLKapb/c
 NNKwe+ECdjsDDUOjoOrg06IEwRmtNZ6KI/rz4rIXLyv48bGQY0qmqVS3YaMFoS/2tHcMnr
 m615EiMgWAHQoh5HZaw8WrQiecn1r1onL+oW2q+0/f2stbiNs/AOLR9FNxMm4YzOx282ZX
 aaT1pt2E9S6OS3/k2+FBMp9gnrSFUA+jq5ijkG0PLcli7ffU6+X4zu+5KUiOLw==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1668811898;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=XZttE/SIRm0B0BqU5jT3fXqvQEihNN3moWKj+vrp/0U=;
 b=dUsyOq+Wq9GmMYu1TSQxuxjBBDOnzNgyLf5vIltYqA9EiDeTd91yKJ6LJj/tXZDwoihFft
 IQWTBBQ3fZ7zvKCg==
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] openssl: Update to version 1.1.1s
Date: Fri, 18 Nov 2022 23:51:36 +0100
Message-Id: <20221118225136.1361926-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

- Update from version 1.1.1q to 1.1.1s
- Update of rootfile
- Changelog
    Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
	  *) Fixed a regression introduced in 1.1.1r version not refreshing the
	     certificate data to be signed before signing the certificate.
    Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
	  *) Fixed the linux-mips64 Configure target which was missing the
	     SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
	     platform.
	  *) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
	     causing incorrect results in some cases as a result.
	  *) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
	     report correct results in some cases
	  *) Fixed a regression introduced in 1.1.1o for re-signing certificates with
	     different key sizes
	  *) Added the loongarch64 target
	  *) Fixed a DRBG seed propagation thread safety issue
	  *) Fixed a memory leak in tls13_generate_secret
	  *) Fixed reported performance degradation on aarch64. Restored the
	     implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
	     32-bit lane assignment in CTR mode") for 64bit targets only, since it is
	     reportedly 2-17% slower and the silicon errata only affects 32bit targets.
	     The new algorithm is still used for 32 bit targets.
	  *) Added a missing header for memcmp that caused compilation failure on some
	     platforms

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/rootfiles/common/openssl | 4 ++++
 lfs/openssl                     | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/openssl
index bb7e6f65c..ea672ffac 100644
--- a/config/rootfiles/common/openssl
+++ b/config/rootfiles/common/openssl
@@ -2329,6 +2329,8 @@ usr/lib/libssl.so.1.1
 #usr/share/doc/openssl/html/man3/PKCS7_SIGNER_INFO_new.html
 #usr/share/doc/openssl/html/man3/PKCS7_SIGN_ENVELOPE_free.html
 #usr/share/doc/openssl/html/man3/PKCS7_SIGN_ENVELOPE_new.html
+#usr/share/doc/openssl/html/man3/PKCS7_add_certificate.html
+#usr/share/doc/openssl/html/man3/PKCS7_add_crl.html
 #usr/share/doc/openssl/html/man3/PKCS7_decrypt.html
 #usr/share/doc/openssl/html/man3/PKCS7_dup.html
 #usr/share/doc/openssl/html/man3/PKCS7_encrypt.html
@@ -6314,6 +6316,8 @@ usr/lib/libssl.so.1.1
 #usr/share/man/man3/PKCS7_SIGNER_INFO_new.3
 #usr/share/man/man3/PKCS7_SIGN_ENVELOPE_free.3
 #usr/share/man/man3/PKCS7_SIGN_ENVELOPE_new.3
+#usr/share/man/man3/PKCS7_add_certificate.3
+#usr/share/man/man3/PKCS7_add_crl.3
 #usr/share/man/man3/PKCS7_decrypt.3
 #usr/share/man/man3/PKCS7_dup.3
 #usr/share/man/man3/PKCS7_encrypt.3
diff --git a/lfs/openssl b/lfs/openssl
index 28a92a6b3..d456577fa 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.1.1q
+VER        = 1.1.1s
 
 THISAPP    = openssl-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -74,7 +74,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = fc8fd6a62dc291d0bda328a051e253175fb04442cc4b8f45d67c3a5027748a0fc5fb372d0483bc9024ae0bff119c4fac8f1e982a182612427696d6d09f5935f5
+$(DL_FILE)_BLAKE2 = ecd19eaf84dbc80448b51651abe52a89cc0052f024537959c4ebe61528988f235d661244fce6967159a876dd038c817bad19df742e828ca1cbae97ce6a4124bb
 
 install : $(TARGET)