| Message ID | 20220706160852.440795-1-dustin@null-ptr.net |
|---|---|
| State | Accepted |
| Delegated to: | Hauke Mehrtens |
| Headers | show
Return-Path:
<openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: bilbo.ozlabs.org;
dkim=pass (2048-bit key;
secure) header.d=lists.infradead.org header.i=@lists.infradead.org
header.a=rsa-sha256 header.s=bombadil.20210309 header.b=FIXoKtdr;
dkim=fail reason="signature verification failed" (2048-bit key;
unprotected) header.d=null-ptr-net.20210112.gappssmtp.com
header.i=@null-ptr-net.20210112.gappssmtp.com header.a=rsa-sha256
header.s=20210112 header.b=FfqKGkcK;
dkim-atps=neutral
Authentication-Results: ozlabs.org;
spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org
(client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;
envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
receiver=<UNKNOWN>)
Received: from bombadil.infradead.org (bombadil.infradead.org
[IPv6:2607:7c80:54:3::133])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
SHA256)
(No client certificate requested)
by bilbo.ozlabs.org (Postfix) with ESMTPS id 4LdPlJ4MKqz9s07
for <incoming@patchwork.ozlabs.org>; Thu, 7 Jul 2022 02:15:08 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=lists.infradead.org; s=bombadil.20210309; h=Sender:
Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc
:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
List-Owner; bh=9rc9cFpfVVG797+mQd9O3klKSqhJWaFOO6zcJuDeuBk=; b=FIXoKtdrYke552
1VtgK58g0uiv8j1iJQe8D21SB8Z49QGQeiVepwVpkz6A49V6d7qDtCsI4Mn/hpaC0QiaAdrm/KtUX
wapQQRYF0mfgJB+w13HuwZzN/GPYSnYpkvCFDL2CrwpOAGNxjoQ1JPHUqrooa4fK0OPmpobzXNbJ8
MRc95IRGdtDVUtJhcelBYRmJl7sTUnCX+LhDIEHr5ENKV2OL+gkr3T1CMnr9kiRkqwb5+qcGy2BPh
JJk9YjOWiBmRu47HCcGaoOqaWlDts/hTJSdacKH/z8Fgy3CwAupHhQadUuPc6YehuLGY9h/TguCsv
oM9YvQd8V+GN10Fc4I7g==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux))
id 1o97aR-00BER3-Sj; Wed, 06 Jul 2022 16:09:12 +0000
Received: from mail-pj1-x1032.google.com ([2607:f8b0:4864:20::1032])
by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux))
id 1o97aM-00BEP8-Db
for openwrt-devel@lists.openwrt.org; Wed, 06 Jul 2022 16:09:07 +0000
Received: by mail-pj1-x1032.google.com with SMTP id ju17so10535904pjb.3
for <openwrt-devel@lists.openwrt.org>;
Wed, 06 Jul 2022 09:09:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=null-ptr-net.20210112.gappssmtp.com; s=20210112;
h=from:to:cc:subject:date:message-id:mime-version
:content-transfer-encoding;
bh=VE0wNn0a8ABN925vabTEdPzDXRj6UNHZEtxTzOrByJE=;
b=FfqKGkcKNbEDcjrZCo7be5+uRhC6A/IoZt6gJPVf1qaKiyBZhMRTI4RCr6pe+tYyew
8reZ1mQwxeGA/7+sBsQVbiEkqRbO+meYxfroCGvYM7PTBn+zui/DP9jEZBBUf+SA23Qf
ql3UFNQIEU9dSd5EiG2UdAX38G2zoSQCxlP6OEOi7N898HPtBHmcmt0VhwRytpLgVRrF
c/fQ4mrvzG9Z2dRKJrU1TxHPz9idqdGxURLDAdyiGx4w0FGqAH1Wwq6F3wAd3EmT4d81
raPNBCEBANFU+03gQXqwJVWDfatx+X86pRgMF8rJYU+tlr+hkSHkhYR+mV8WEBQhgO+w
lS/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version
:content-transfer-encoding;
bh=VE0wNn0a8ABN925vabTEdPzDXRj6UNHZEtxTzOrByJE=;
b=kAdWuTm2GrGt9N0sOy1NDeQLxLeYRNF2YwggOsVwHRCCEA6tnqePh+w8vLyFFMkxbY
mjS2WiJYGoDXYC47Pf8lDVC37orqBUMp+mden99pIaa1GrbRNPNSlBJHYQdLawv5nDRE
TF0XpdxXIoUcW5rVQqGwUe4rOuc+RtlOqy15QLvpXzS7ZzcI1eafccsMSEYqW2ob5kYz
A6s35klvkXlh3Yh2SljfmJa8Il3/TpuszRaEIx4+WkZqMhL6s7rFmQbOQbMqF8rPGN1j
v2xP/10kipU7BON5Cm7JQ7ngVe3Cct+cVY8ydWVMdzS66L3qMGtgXPJkFLyjEc1Ch2kY
gNcw==
X-Gm-Message-State: AJIora/8O94KuzFMUZYm5bmzFoZ8QE8OWSuA/xfcTGu1J92JOpVMgfb8
6e/1mIQjIiI2YfHS4hBGjr1DqZjs43MGl18D
X-Google-Smtp-Source:
AGRyM1sZ1LQXoYBExAbikSwrgHqqgHhtHu3ssUaVxiHpBA3b7T0XaAGOekIva0Da7mDkflB+EHeFsA==
X-Received: by 2002:a17:902:8a8b:b0:16a:52d0:72bd with SMTP id
p11-20020a1709028a8b00b0016a52d072bdmr47743854plo.78.1657123740779;
Wed, 06 Jul 2022 09:09:00 -0700 (PDT)
Received: from rigel.overthere.org (c-71-197-159-127.hsd1.wa.comcast.net.
[71.197.159.127])
by smtp.gmail.com with ESMTPSA id
r10-20020a17090a1bca00b001e2f892b352sm14890108pjr.45.2022.07.06.09.09.00
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 06 Jul 2022 09:09:00 -0700 (PDT)
From: Dustin Lundquist <dustin@null-ptr.net>
To: openwrt-devel@lists.openwrt.org
Cc: Dustin Lundquist <dustin@null-ptr.net>
Subject: [PATCH] openssl: bump to 1.1.1q
Date: Wed, 6 Jul 2022 09:08:52 -0700
Message-Id: <20220706160852.440795-1-dustin@null-ptr.net>
X-Mailer: git-send-email 2.31.0.rc2
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3
X-CRM114-CacheID: sfid-20220706_090906_713276_0D055E82
X-CRM114-Status: GOOD ( 10.14 )
X-Spam-Score: 0.0 (/)
X-Spam-Report: Spam detection software,
running on the system "bombadil.infradead.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Changes between 1.1.1p and 1.1.1q [5 Jul 2022] *) AES OCB
mode for 32-bit x86 platforms using the AES-NI assembly optimised
implementation
would not encrypt the entirety of the data under some circumstances. This
could reveal sixteen bytes of dat [...]
Content analysis details: (0.0 points, 5.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/,
no trust
[2607:f8b0:4864:20:0:0:0:1032 listed in]
[list.dnswl.org]
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
0.0 SPF_NONE SPF: sender does not publish an SPF Record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK
signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily
valid
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>,
<mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>,
<mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Errors-To:
openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org
|
| Series |
openssl: bump to 1.1.1q
|
expand
|
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index ed618568a4..bf2d6ae64d 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl PKG_BASE:=1.1.1 -PKG_BUGFIX:=p +PKG_BUGFIX:=q PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) PKG_RELEASE:=$(AUTORELEASE) PKG_USE_MIPS16:=0 @@ -25,7 +25,7 @@ PKG_SOURCE_URL:= \ ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \ ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/ -PKG_HASH:=bf61b62aaa66c7c7639942a94de4c9ae8280c08f17d4eac2e44644d9fc8ace6f +PKG_HASH:=d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca PKG_LICENSE:=OpenSSL PKG_LICENSE_FILES:=LICENSE
Changes between 1.1.1p and 1.1.1q [5 Jul 2022] *) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation would not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. (CVE-2022-2097) [Alex Chernyakhovsky, David Benjamin, Alejandro SedeƱo] Signed-off-by: Dustin Lundquist <dustin@null-ptr.net> --- package/libs/openssl/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)