From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] openssl: Update to version 1.1.1s Date: Sat, 19 Nov 2022 11:51:42 +0000 Message-ID: <5B75F73D-4662-4899-AA1A-E225285DCC71@ipfire.org> In-Reply-To: <20221118225136.1361926-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1435014969120286491==" List-Id: --===============1435014969120286491== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Reviewed-by: Michael Tremer > On 18 Nov 2022, at 22:51, Adolf Belka wrote: >=20 > - Update from version 1.1.1q to 1.1.1s > - Update of rootfile > - Changelog > Changes between 1.1.1r and 1.1.1s [1 Nov 2022] > *) Fixed a regression introduced in 1.1.1r version not refreshing the > certificate data to be signed before signing the certificate. > Changes between 1.1.1q and 1.1.1r [11 Oct 2022] > *) Fixed the linux-mips64 Configure target which was missing the > SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that > platform. > *) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was > causing incorrect results in some cases as a result. > *) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing = to > report correct results in some cases > *) Fixed a regression introduced in 1.1.1o for re-signing certificates with > different key sizes > *) Added the loongarch64 target > *) Fixed a DRBG seed propagation thread safety issue > *) Fixed a memory leak in tls13_generate_secret > *) Fixed reported performance degradation on aarch64. Restored the > implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid > 32-bit lane assignment in CTR mode") for 64bit targets only, since it is > reportedly 2-17% slower and the silicon errata only affects 32bit targe= ts. > The new algorithm is still used for 32 bit targets. > *) Added a missing header for memcmp that caused compilation failure on so= me > platforms >=20 > Signed-off-by: Adolf Belka > --- > config/rootfiles/common/openssl | 4 ++++ > lfs/openssl | 4 ++-- > 2 files changed, 6 insertions(+), 2 deletions(-) >=20 > diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/open= ssl > index bb7e6f65c..ea672ffac 100644 > --- a/config/rootfiles/common/openssl > +++ b/config/rootfiles/common/openssl > @@ -2329,6 +2329,8 @@ usr/lib/libssl.so.1.1 > #usr/share/doc/openssl/html/man3/PKCS7_SIGNER_INFO_new.html > #usr/share/doc/openssl/html/man3/PKCS7_SIGN_ENVELOPE_free.html > #usr/share/doc/openssl/html/man3/PKCS7_SIGN_ENVELOPE_new.html > +#usr/share/doc/openssl/html/man3/PKCS7_add_certificate.html > +#usr/share/doc/openssl/html/man3/PKCS7_add_crl.html > #usr/share/doc/openssl/html/man3/PKCS7_decrypt.html > #usr/share/doc/openssl/html/man3/PKCS7_dup.html > #usr/share/doc/openssl/html/man3/PKCS7_encrypt.html > @@ -6314,6 +6316,8 @@ usr/lib/libssl.so.1.1 > #usr/share/man/man3/PKCS7_SIGNER_INFO_new.3 > #usr/share/man/man3/PKCS7_SIGN_ENVELOPE_free.3 > #usr/share/man/man3/PKCS7_SIGN_ENVELOPE_new.3 > +#usr/share/man/man3/PKCS7_add_certificate.3 > +#usr/share/man/man3/PKCS7_add_crl.3 > #usr/share/man/man3/PKCS7_decrypt.3 > #usr/share/man/man3/PKCS7_dup.3 > #usr/share/man/man3/PKCS7_encrypt.3 > diff --git a/lfs/openssl b/lfs/openssl > index 28a92a6b3..d456577fa 100644 > --- a/lfs/openssl > +++ b/lfs/openssl > @@ -24,7 +24,7 @@ >=20 > include Config >=20 > -VER =3D 1.1.1q > +VER =3D 1.1.1s >=20 > THISAPP =3D openssl-$(VER) > DL_FILE =3D $(THISAPP).tar.gz > @@ -74,7 +74,7 @@ objects =3D $(DL_FILE) >=20 > $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) >=20 > -$(DL_FILE)_BLAKE2 =3D fc8fd6a62dc291d0bda328a051e253175fb04442cc4b8f45d67c= 3a5027748a0fc5fb372d0483bc9024ae0bff119c4fac8f1e982a182612427696d6d09f5935f5 > +$(DL_FILE)_BLAKE2 =3D ecd19eaf84dbc80448b51651abe52a89cc0052f024537959c4eb= e61528988f235d661244fce6967159a876dd038c817bad19df742e828ca1cbae97ce6a4124bb >=20 > install : $(TARGET) >=20 > --=20 > 2.38.1 >=20 --===============1435014969120286491==--