openssl: security bump to version 1.0.2k

Message ID	20170126200756.29248-1-gustavo@zacarias.com.ar
State	Accepted
Commit	f9a6a2df56012b2ee6d171ca9371910c668bfa78
Headers	show Return-Path: <buildroot-bounces@busybox.net> DMARC-Filter: OpenDMARC Filter v1.3.1 www.zacarias.com.ar v0QK7weO030419 From: Gustavo Zacarias <gustavo@zacarias.com.ar> To: buildroot@busybox.net Date: Thu, 26 Jan 2017 17:07:56 -0300 Message-Id: <20170126200756.29248-1-gustavo@zacarias.com.ar> Subject: [Buildroot] [PATCH] openssl: security bump to version 1.0.2k Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" <buildroot-bounces@busybox.net>

Message ID

20170126200756.29248-1-gustavo@zacarias.com.ar

State

Accepted

Commit

f9a6a2df56012b2ee6d171ca9371910c668bfa78

Headers

DMARC-Filter: OpenDMARC Filter v1.3.1 www.zacarias.com.ar v0QK7weO030419
From: Gustavo Zacarias <gustavo@zacarias.com.ar>
To: buildroot@busybox.net
Date: Thu, 26 Jan 2017 17:07:56 -0300
Message-Id: <20170126200756.29248-1-gustavo@zacarias.com.ar>
Subject: [Buildroot] [PATCH] openssl: security bump to version 1.0.2k
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Commit Message

Gustavo Zacarias Jan. 26, 2017, 8:07 p.m. UTC

Fixes:
CVE-2017-3731 - Truncated packet could crash via OOB read.
CVE-2017-3732 - BN_mod_exp may produce incorrect results on x86_64
CVE-2016-7055 - Montgomery multiplication may produce incorrect results

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 package/openssl/openssl.hash | 4 ++--
 package/openssl/openssl.mk   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

Comments

Peter Korsgaard Jan. 26, 2017, 9:34 p.m. UTC | #1

>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:

 > Fixes:
 > CVE-2017-3731 - Truncated packet could crash via OOB read.
 > CVE-2017-3732 - BN_mod_exp may produce incorrect results on x86_64
 > CVE-2016-7055 - Montgomery multiplication may produce incorrect results

 > Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

Committed, thanks.

diff --git a/package/openssl/openssl.hash b/package/openssl/openssl.hash
index 0dc5450..064eeca 100644
--- a/package/openssl/openssl.hash
+++ b/package/openssl/openssl.hash
@@ -1,5 +1,5 @@ 
-# From https://www.openssl.org/source/openssl-1.0.2j.tar.gz.sha256
-sha256	e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431	openssl-1.0.2j.tar.gz
+# From https://www.openssl.org/source/openssl-1.0.2k.tar.gz.sha256
+sha256	6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0	openssl-1.0.2k.tar.gz
 # Locally computed
 sha256	eddd8a5123748052c598214487ac178e4bfa4e31ba2ec520c70d59c8c5bfa2e9	openssl-1.0.2a-parallel-install-dirs.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
 sha256	147c3eeaad614c044749ea527cb433eae5e2d5cad34a78c6ba61cd967bfbe01f	openssl-1.0.2a-parallel-obj-headers.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
diff --git a/package/openssl/openssl.mk b/package/openssl/openssl.mk
index 814c435..1536982 100644
--- a/package/openssl/openssl.mk
+++ b/package/openssl/openssl.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-OPENSSL_VERSION = 1.0.2j
+OPENSSL_VERSION = 1.0.2k
 OPENSSL_SITE = http://www.openssl.org/source
 OPENSSL_LICENSE = OpenSSL or SSLeay
 OPENSSL_LICENSE_FILES = LICENSE

openssl: security bump to version 1.0.2k

Commit Message

Comments

Patch