Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>

> On 7 Jul 2022, at 21:40, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
> 
> - Update from version 1.1.1p to 1.1.1q
> - Update of rootfile not required
> - Changelog
>   Changes between 1.1.1p and 1.1.1q [5 Jul 2022]
>     (CVE-2022-2097) Severity: Moderate
>        AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
>        implementation would not encrypt the entirety of the data under some
>        circumstances.  This could reveal sixteen bytes of data that was
>        preexisting in the memory that wasn't written.  In the special case of
>        "in place" encryption, sixteen bytes of the plaintext would be revealed.
>        Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
>        they are both unaffected.
> 
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
> lfs/openssl | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/lfs/openssl b/lfs/openssl
> index 88f533323..28a92a6b3 100644
> --- a/lfs/openssl
> +++ b/lfs/openssl
> @@ -24,7 +24,7 @@
> 
> include Config
> 
> -VER        = 1.1.1p
> +VER        = 1.1.1q
> 
> THISAPP    = openssl-$(VER)
> DL_FILE    = $(THISAPP).tar.gz
> @@ -74,7 +74,7 @@ objects = $(DL_FILE)
> 
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> 
> -$(DL_FILE)_BLAKE2 = 4354753a5e52393c9cc4569954c2cac6d89a1e204fa4f9ca00a60492782d29f8952fb92664cdbb3576c6443d3cb2eacebea51db584738589f3598b40df579b12
> +$(DL_FILE)_BLAKE2 = fc8fd6a62dc291d0bda328a051e253175fb04442cc4b8f45d67c3a5027748a0fc5fb372d0483bc9024ae0bff119c4fac8f1e982a182612427696d6d09f5935f5
> 
> install : $(TARGET)
> 
> -- 
> 2.37.0
>