* [PATCH] openssl: Update to version 1.1.1s
@ 2022-11-18 22:51 Adolf Belka
2022-11-19 11:51 ` Michael Tremer
0 siblings, 1 reply; 2+ messages in thread
From: Adolf Belka @ 2022-11-18 22:51 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 3445 bytes --]
- Update from version 1.1.1q to 1.1.1s
- Update of rootfile
- Changelog
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
*) Fixed a regression introduced in 1.1.1r version not refreshing the
certificate data to be signed before signing the certificate.
Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
*) Fixed the linux-mips64 Configure target which was missing the
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
platform.
*) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
causing incorrect results in some cases as a result.
*) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
*) Fixed a regression introduced in 1.1.1o for re-signing certificates with
different key sizes
*) Added the loongarch64 target
*) Fixed a DRBG seed propagation thread safety issue
*) Fixed a memory leak in tls13_generate_secret
*) Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
The new algorithm is still used for 32 bit targets.
*) Added a missing header for memcmp that caused compilation failure on some
platforms
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
config/rootfiles/common/openssl | 4 ++++
lfs/openssl | 4 ++--
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/openssl
index bb7e6f65c..ea672ffac 100644
--- a/config/rootfiles/common/openssl
+++ b/config/rootfiles/common/openssl
@@ -2329,6 +2329,8 @@ usr/lib/libssl.so.1.1
#usr/share/doc/openssl/html/man3/PKCS7_SIGNER_INFO_new.html
#usr/share/doc/openssl/html/man3/PKCS7_SIGN_ENVELOPE_free.html
#usr/share/doc/openssl/html/man3/PKCS7_SIGN_ENVELOPE_new.html
+#usr/share/doc/openssl/html/man3/PKCS7_add_certificate.html
+#usr/share/doc/openssl/html/man3/PKCS7_add_crl.html
#usr/share/doc/openssl/html/man3/PKCS7_decrypt.html
#usr/share/doc/openssl/html/man3/PKCS7_dup.html
#usr/share/doc/openssl/html/man3/PKCS7_encrypt.html
@@ -6314,6 +6316,8 @@ usr/lib/libssl.so.1.1
#usr/share/man/man3/PKCS7_SIGNER_INFO_new.3
#usr/share/man/man3/PKCS7_SIGN_ENVELOPE_free.3
#usr/share/man/man3/PKCS7_SIGN_ENVELOPE_new.3
+#usr/share/man/man3/PKCS7_add_certificate.3
+#usr/share/man/man3/PKCS7_add_crl.3
#usr/share/man/man3/PKCS7_decrypt.3
#usr/share/man/man3/PKCS7_dup.3
#usr/share/man/man3/PKCS7_encrypt.3
diff --git a/lfs/openssl b/lfs/openssl
index 28a92a6b3..d456577fa 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@
include Config
-VER = 1.1.1q
+VER = 1.1.1s
THISAPP = openssl-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -74,7 +74,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = fc8fd6a62dc291d0bda328a051e253175fb04442cc4b8f45d67c3a5027748a0fc5fb372d0483bc9024ae0bff119c4fac8f1e982a182612427696d6d09f5935f5
+$(DL_FILE)_BLAKE2 = ecd19eaf84dbc80448b51651abe52a89cc0052f024537959c4ebe61528988f235d661244fce6967159a876dd038c817bad19df742e828ca1cbae97ce6a4124bb
install : $(TARGET)
--
2.38.1
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] openssl: Update to version 1.1.1s
2022-11-18 22:51 [PATCH] openssl: Update to version 1.1.1s Adolf Belka
@ 2022-11-19 11:51 ` Michael Tremer
0 siblings, 0 replies; 2+ messages in thread
From: Michael Tremer @ 2022-11-19 11:51 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 3676 bytes --]
Reviewed-by: Michael Tremer <michael.tremer(a)ipfire.org>
> On 18 Nov 2022, at 22:51, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>
> - Update from version 1.1.1q to 1.1.1s
> - Update of rootfile
> - Changelog
> Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
> *) Fixed a regression introduced in 1.1.1r version not refreshing the
> certificate data to be signed before signing the certificate.
> Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
> *) Fixed the linux-mips64 Configure target which was missing the
> SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
> platform.
> *) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
> causing incorrect results in some cases as a result.
> *) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
> report correct results in some cases
> *) Fixed a regression introduced in 1.1.1o for re-signing certificates with
> different key sizes
> *) Added the loongarch64 target
> *) Fixed a DRBG seed propagation thread safety issue
> *) Fixed a memory leak in tls13_generate_secret
> *) Fixed reported performance degradation on aarch64. Restored the
> implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
> 32-bit lane assignment in CTR mode") for 64bit targets only, since it is
> reportedly 2-17% slower and the silicon errata only affects 32bit targets.
> The new algorithm is still used for 32 bit targets.
> *) Added a missing header for memcmp that caused compilation failure on some
> platforms
>
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
> config/rootfiles/common/openssl | 4 ++++
> lfs/openssl | 4 ++--
> 2 files changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/openssl
> index bb7e6f65c..ea672ffac 100644
> --- a/config/rootfiles/common/openssl
> +++ b/config/rootfiles/common/openssl
> @@ -2329,6 +2329,8 @@ usr/lib/libssl.so.1.1
> #usr/share/doc/openssl/html/man3/PKCS7_SIGNER_INFO_new.html
> #usr/share/doc/openssl/html/man3/PKCS7_SIGN_ENVELOPE_free.html
> #usr/share/doc/openssl/html/man3/PKCS7_SIGN_ENVELOPE_new.html
> +#usr/share/doc/openssl/html/man3/PKCS7_add_certificate.html
> +#usr/share/doc/openssl/html/man3/PKCS7_add_crl.html
> #usr/share/doc/openssl/html/man3/PKCS7_decrypt.html
> #usr/share/doc/openssl/html/man3/PKCS7_dup.html
> #usr/share/doc/openssl/html/man3/PKCS7_encrypt.html
> @@ -6314,6 +6316,8 @@ usr/lib/libssl.so.1.1
> #usr/share/man/man3/PKCS7_SIGNER_INFO_new.3
> #usr/share/man/man3/PKCS7_SIGN_ENVELOPE_free.3
> #usr/share/man/man3/PKCS7_SIGN_ENVELOPE_new.3
> +#usr/share/man/man3/PKCS7_add_certificate.3
> +#usr/share/man/man3/PKCS7_add_crl.3
> #usr/share/man/man3/PKCS7_decrypt.3
> #usr/share/man/man3/PKCS7_dup.3
> #usr/share/man/man3/PKCS7_encrypt.3
> diff --git a/lfs/openssl b/lfs/openssl
> index 28a92a6b3..d456577fa 100644
> --- a/lfs/openssl
> +++ b/lfs/openssl
> @@ -24,7 +24,7 @@
>
> include Config
>
> -VER = 1.1.1q
> +VER = 1.1.1s
>
> THISAPP = openssl-$(VER)
> DL_FILE = $(THISAPP).tar.gz
> @@ -74,7 +74,7 @@ objects = $(DL_FILE)
>
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>
> -$(DL_FILE)_BLAKE2 = fc8fd6a62dc291d0bda328a051e253175fb04442cc4b8f45d67c3a5027748a0fc5fb372d0483bc9024ae0bff119c4fac8f1e982a182612427696d6d09f5935f5
> +$(DL_FILE)_BLAKE2 = ecd19eaf84dbc80448b51651abe52a89cc0052f024537959c4ebe61528988f235d661244fce6967159a876dd038c817bad19df742e828ca1cbae97ce6a4124bb
>
> install : $(TARGET)
>
> --
> 2.38.1
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2022-11-19 11:51 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-18 22:51 [PATCH] openssl: Update to version 1.1.1s Adolf Belka
2022-11-19 11:51 ` Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox