Message ID | 20220706160852.440795-1-dustin@null-ptr.net |
---|---|
State | Accepted |
Delegated to: | Hauke Mehrtens |
Headers | show
Return-Path: <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org> X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=lists.infradead.org header.i=@lists.infradead.org header.a=rsa-sha256 header.s=bombadil.20210309 header.b=FIXoKtdr; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=null-ptr-net.20210112.gappssmtp.com header.i=@null-ptr-net.20210112.gappssmtp.com header.a=rsa-sha256 header.s=20210112 header.b=FfqKGkcK; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=<UNKNOWN>) Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:3::133]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4LdPlJ4MKqz9s07 for <incoming@patchwork.ozlabs.org>; Thu, 7 Jul 2022 02:15:08 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20210309; h=Sender: Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc :To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=9rc9cFpfVVG797+mQd9O3klKSqhJWaFOO6zcJuDeuBk=; b=FIXoKtdrYke552 1VtgK58g0uiv8j1iJQe8D21SB8Z49QGQeiVepwVpkz6A49V6d7qDtCsI4Mn/hpaC0QiaAdrm/KtUX wapQQRYF0mfgJB+w13HuwZzN/GPYSnYpkvCFDL2CrwpOAGNxjoQ1JPHUqrooa4fK0OPmpobzXNbJ8 MRc95IRGdtDVUtJhcelBYRmJl7sTUnCX+LhDIEHr5ENKV2OL+gkr3T1CMnr9kiRkqwb5+qcGy2BPh JJk9YjOWiBmRu47HCcGaoOqaWlDts/hTJSdacKH/z8Fgy3CwAupHhQadUuPc6YehuLGY9h/TguCsv oM9YvQd8V+GN10Fc4I7g==; Received: from localhost ([::1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.94.2 #2 (Red Hat Linux)) id 1o97aR-00BER3-Sj; Wed, 06 Jul 2022 16:09:12 +0000 Received: from mail-pj1-x1032.google.com ([2607:f8b0:4864:20::1032]) by bombadil.infradead.org with esmtps (Exim 4.94.2 #2 (Red Hat Linux)) id 1o97aM-00BEP8-Db for openwrt-devel@lists.openwrt.org; Wed, 06 Jul 2022 16:09:07 +0000 Received: by mail-pj1-x1032.google.com with SMTP id ju17so10535904pjb.3 for <openwrt-devel@lists.openwrt.org>; Wed, 06 Jul 2022 09:09:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=null-ptr-net.20210112.gappssmtp.com; s=20210112; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=VE0wNn0a8ABN925vabTEdPzDXRj6UNHZEtxTzOrByJE=; b=FfqKGkcKNbEDcjrZCo7be5+uRhC6A/IoZt6gJPVf1qaKiyBZhMRTI4RCr6pe+tYyew 8reZ1mQwxeGA/7+sBsQVbiEkqRbO+meYxfroCGvYM7PTBn+zui/DP9jEZBBUf+SA23Qf ql3UFNQIEU9dSd5EiG2UdAX38G2zoSQCxlP6OEOi7N898HPtBHmcmt0VhwRytpLgVRrF c/fQ4mrvzG9Z2dRKJrU1TxHPz9idqdGxURLDAdyiGx4w0FGqAH1Wwq6F3wAd3EmT4d81 raPNBCEBANFU+03gQXqwJVWDfatx+X86pRgMF8rJYU+tlr+hkSHkhYR+mV8WEBQhgO+w lS/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=VE0wNn0a8ABN925vabTEdPzDXRj6UNHZEtxTzOrByJE=; b=kAdWuTm2GrGt9N0sOy1NDeQLxLeYRNF2YwggOsVwHRCCEA6tnqePh+w8vLyFFMkxbY mjS2WiJYGoDXYC47Pf8lDVC37orqBUMp+mden99pIaa1GrbRNPNSlBJHYQdLawv5nDRE TF0XpdxXIoUcW5rVQqGwUe4rOuc+RtlOqy15QLvpXzS7ZzcI1eafccsMSEYqW2ob5kYz A6s35klvkXlh3Yh2SljfmJa8Il3/TpuszRaEIx4+WkZqMhL6s7rFmQbOQbMqF8rPGN1j v2xP/10kipU7BON5Cm7JQ7ngVe3Cct+cVY8ydWVMdzS66L3qMGtgXPJkFLyjEc1Ch2kY gNcw== X-Gm-Message-State: AJIora/8O94KuzFMUZYm5bmzFoZ8QE8OWSuA/xfcTGu1J92JOpVMgfb8 6e/1mIQjIiI2YfHS4hBGjr1DqZjs43MGl18D X-Google-Smtp-Source: AGRyM1sZ1LQXoYBExAbikSwrgHqqgHhtHu3ssUaVxiHpBA3b7T0XaAGOekIva0Da7mDkflB+EHeFsA== X-Received: by 2002:a17:902:8a8b:b0:16a:52d0:72bd with SMTP id p11-20020a1709028a8b00b0016a52d072bdmr47743854plo.78.1657123740779; Wed, 06 Jul 2022 09:09:00 -0700 (PDT) Received: from rigel.overthere.org (c-71-197-159-127.hsd1.wa.comcast.net. [71.197.159.127]) by smtp.gmail.com with ESMTPSA id r10-20020a17090a1bca00b001e2f892b352sm14890108pjr.45.2022.07.06.09.09.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 Jul 2022 09:09:00 -0700 (PDT) From: Dustin Lundquist <dustin@null-ptr.net> To: openwrt-devel@lists.openwrt.org Cc: Dustin Lundquist <dustin@null-ptr.net> Subject: [PATCH] openssl: bump to 1.1.1q Date: Wed, 6 Jul 2022 09:08:52 -0700 Message-Id: <20220706160852.440795-1-dustin@null-ptr.net> X-Mailer: git-send-email 2.31.0.rc2 MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20220706_090906_713276_0D055E82 X-CRM114-Status: GOOD ( 10.14 ) X-Spam-Score: 0.0 (/) X-Spam-Report: Spam detection software, running on the system "bombadil.infradead.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Changes between 1.1.1p and 1.1.1q [5 Jul 2022] *) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation would not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of dat [...] Content analysis details: (0.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [2607:f8b0:4864:20:0:0:0:1032 listed in] [list.dnswl.org] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org> List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>, <mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe> List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/> List-Post: <mailto:openwrt-devel@lists.openwrt.org> List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help> List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>, <mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org> Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org |
Series |
openssl: bump to 1.1.1q
|
expand
|
diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index ed618568a4..bf2d6ae64d 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl PKG_BASE:=1.1.1 -PKG_BUGFIX:=p +PKG_BUGFIX:=q PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) PKG_RELEASE:=$(AUTORELEASE) PKG_USE_MIPS16:=0 @@ -25,7 +25,7 @@ PKG_SOURCE_URL:= \ ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \ ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/ -PKG_HASH:=bf61b62aaa66c7c7639942a94de4c9ae8280c08f17d4eac2e44644d9fc8ace6f +PKG_HASH:=d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca PKG_LICENSE:=OpenSSL PKG_LICENSE_FILES:=LICENSE
Changes between 1.1.1p and 1.1.1q [5 Jul 2022] *) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation would not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. (CVE-2022-2097) [Alex Chernyakhovsky, David Benjamin, Alejandro SedeƱo] Signed-off-by: Dustin Lundquist <dustin@null-ptr.net> --- package/libs/openssl/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)