Hello,
On this one, I have sadly been faster… But your patch looks exactly the same as mine so I take this as confirmation that neither of us messed anything up :)
-Michael
On 30 Jan 2024, at 22:13, Adolf Belka adolf.belka@ipfire.org wrote:
- Update from version 3.2.0 to 3.2.1
- Update of rootfile
- Changelog 3.2.1
This is a security patch release. The most severe CVE fixed in this release is Low. This release incorporates the following bug fixes and mitigations:
- Fixed PKCS12 Decoding crashes ([CVE-2024-0727])
- Fixed excessive time spent checking invalid RSA public keys ([CVE-2023-6237])
- Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC CPUs which support PowerISA 2.07 ([CVE-2023-6129])
- Fixed excessive time spent in DH check / generation with large Q parameter value ([CVE-2023-5678])
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
config/rootfiles/common/openssl | 69 +++++++++++++++++++++++++++++++++ lfs/openssl | 4 +- 2 files changed, 71 insertions(+), 2 deletions(-)
diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/openssl index 118b15e85..a3664a521 100644 --- a/config/rootfiles/common/openssl +++ b/config/rootfiles/common/openssl @@ -329,6 +329,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man3/CMS_get1_ReceiptRequest.html #usr/share/doc/openssl/html/man3/CMS_sign.html #usr/share/doc/openssl/html/man3/CMS_sign_receipt.html +#usr/share/doc/openssl/html/man3/CMS_signed_get_attr.html #usr/share/doc/openssl/html/man3/CMS_uncompress.html #usr/share/doc/openssl/html/man3/CMS_verify.html #usr/share/doc/openssl/html/man3/CMS_verify_receipt.html @@ -431,6 +432,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man3/EVP_PKEY_encapsulate.html #usr/share/doc/openssl/html/man3/EVP_PKEY_encrypt.html #usr/share/doc/openssl/html/man3/EVP_PKEY_fromdata.html +#usr/share/doc/openssl/html/man3/EVP_PKEY_get_attr.html #usr/share/doc/openssl/html/man3/EVP_PKEY_get_default_digest_nid.html #usr/share/doc/openssl/html/man3/EVP_PKEY_get_field_type.html #usr/share/doc/openssl/html/man3/EVP_PKEY_get_group_name.html @@ -812,6 +814,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man3/X509V3_get_d2i.html #usr/share/doc/openssl/html/man3/X509V3_set_ctx.html #usr/share/doc/openssl/html/man3/X509_ALGOR_dup.html +#usr/share/doc/openssl/html/man3/X509_ATTRIBUTE.html #usr/share/doc/openssl/html/man3/X509_CRL_get0_by_serial.html #usr/share/doc/openssl/html/man3/X509_EXTENSION_set_object.html #usr/share/doc/openssl/html/man3/X509_LOOKUP.html @@ -823,6 +826,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/doc/openssl/html/man3/X509_NAME_get_index_by_NID.html #usr/share/doc/openssl/html/man3/X509_NAME_print_ex.html #usr/share/doc/openssl/html/man3/X509_PUBKEY_new.html +#usr/share/doc/openssl/html/man3/X509_REQ_get_attr.html #usr/share/doc/openssl/html/man3/X509_REQ_get_extensions.html #usr/share/doc/openssl/html/man3/X509_SIG_get0.html #usr/share/doc/openssl/html/man3/X509_STORE_CTX_get_by_subject.html 
@@ -1812,7 +1816,27 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/CMS_sign.3ossl #usr/share/man/man3/CMS_sign_ex.3ossl #usr/share/man/man3/CMS_sign_receipt.3ossl +#usr/share/man/man3/CMS_signed_add1_attr.3ossl +#usr/share/man/man3/CMS_signed_add1_attr_by_NID.3ossl +#usr/share/man/man3/CMS_signed_add1_attr_by_OBJ.3ossl +#usr/share/man/man3/CMS_signed_add1_attr_by_txt.3ossl +#usr/share/man/man3/CMS_signed_delete_attr.3ossl +#usr/share/man/man3/CMS_signed_get0_data_by_OBJ.3ossl +#usr/share/man/man3/CMS_signed_get_attr.3ossl +#usr/share/man/man3/CMS_signed_get_attr_by_NID.3ossl +#usr/share/man/man3/CMS_signed_get_attr_by_OBJ.3ossl +#usr/share/man/man3/CMS_signed_get_attr_count.3ossl #usr/share/man/man3/CMS_uncompress.3ossl +#usr/share/man/man3/CMS_unsigned_add1_attr.3ossl +#usr/share/man/man3/CMS_unsigned_add1_attr_by_NID.3ossl +#usr/share/man/man3/CMS_unsigned_add1_attr_by_OBJ.3ossl +#usr/share/man/man3/CMS_unsigned_add1_attr_by_txt.3ossl +#usr/share/man/man3/CMS_unsigned_delete_attr.3ossl +#usr/share/man/man3/CMS_unsigned_get0_data_by_OBJ.3ossl +#usr/share/man/man3/CMS_unsigned_get_attr.3ossl +#usr/share/man/man3/CMS_unsigned_get_attr_by_NID.3ossl +#usr/share/man/man3/CMS_unsigned_get_attr_by_OBJ.3ossl +#usr/share/man/man3/CMS_unsigned_get_attr_count.3ossl #usr/share/man/man3/CMS_verify.3ossl #usr/share/man/man3/CMS_verify_receipt.3ossl #usr/share/man/man3/COMP_CTX_free.3ossl @@ -2881,6 +2905,10 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/EVP_PKEY_CTX_settable_params.3ossl #usr/share/man/man3/EVP_PKEY_METHOD.3ossl #usr/share/man/man3/EVP_PKEY_Q_keygen.3ossl +#usr/share/man/man3/EVP_PKEY_add1_attr.3ossl +#usr/share/man/man3/EVP_PKEY_add1_attr_by_NID.3ossl +#usr/share/man/man3/EVP_PKEY_add1_attr_by_OBJ.3ossl +#usr/share/man/man3/EVP_PKEY_add1_attr_by_txt.3ossl #usr/share/man/man3/EVP_PKEY_asn1_add0.3ossl #usr/share/man/man3/EVP_PKEY_asn1_add_alias.3ossl #usr/share/man/man3/EVP_PKEY_asn1_copy.3ossl 
@@ -2926,6 +2954,7 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/EVP_PKEY_decrypt.3ossl #usr/share/man/man3/EVP_PKEY_decrypt_init.3ossl #usr/share/man/man3/EVP_PKEY_decrypt_init_ex.3ossl +#usr/share/man/man3/EVP_PKEY_delete_attr.3ossl #usr/share/man/man3/EVP_PKEY_derive.3ossl #usr/share/man/man3/EVP_PKEY_derive_init.3ossl #usr/share/man/man3/EVP_PKEY_derive_init_ex.3ossl @@ -2965,6 +2994,10 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/EVP_PKEY_get1_RSA.3ossl #usr/share/man/man3/EVP_PKEY_get1_encoded_public_key.3ossl #usr/share/man/man3/EVP_PKEY_get1_tls_encodedpoint.3ossl +#usr/share/man/man3/EVP_PKEY_get_attr.3ossl +#usr/share/man/man3/EVP_PKEY_get_attr_by_NID.3ossl +#usr/share/man/man3/EVP_PKEY_get_attr_by_OBJ.3ossl +#usr/share/man/man3/EVP_PKEY_get_attr_count.3ossl #usr/share/man/man3/EVP_PKEY_get_base_id.3ossl #usr/share/man/man3/EVP_PKEY_get_bits.3ossl #usr/share/man/man3/EVP_PKEY_get_bn_param.3ossl @@ -3558,13 +3591,16 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/OPENSSL_LH_error.3ossl #usr/share/man/man3/OPENSSL_LH_flush.3ossl #usr/share/man/man3/OPENSSL_LH_free.3ossl +#usr/share/man/man3/OPENSSL_LH_get_down_load.3ossl #usr/share/man/man3/OPENSSL_LH_insert.3ossl #usr/share/man/man3/OPENSSL_LH_new.3ossl #usr/share/man/man3/OPENSSL_LH_node_stats.3ossl #usr/share/man/man3/OPENSSL_LH_node_stats_bio.3ossl #usr/share/man/man3/OPENSSL_LH_node_usage_stats.3ossl #usr/share/man/man3/OPENSSL_LH_node_usage_stats_bio.3ossl +#usr/share/man/man3/OPENSSL_LH_num_items.3ossl #usr/share/man/man3/OPENSSL_LH_retrieve.3ossl +#usr/share/man/man3/OPENSSL_LH_set_down_load.3ossl #usr/share/man/man3/OPENSSL_LH_stats.3ossl #usr/share/man/man3/OPENSSL_LH_stats_bio.3ossl #usr/share/man/man3/OPENSSL_LINE.3ossl 
@@ -5669,9 +5705,20 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/X509_ALGOR_new.3ossl #usr/share/man/man3/X509_ALGOR_set0.3ossl #usr/share/man/man3/X509_ALGOR_set_md.3ossl +#usr/share/man/man3/X509_ATTRIBUTE.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_count.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_create.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_create_by_NID.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_create_by_OBJ.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_create_by_txt.3ossl #usr/share/man/man3/X509_ATTRIBUTE_dup.3ossl #usr/share/man/man3/X509_ATTRIBUTE_free.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_get0_data.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_get0_object.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_get0_type.3ossl #usr/share/man/man3/X509_ATTRIBUTE_new.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_set1_data.3ossl +#usr/share/man/man3/X509_ATTRIBUTE_set1_object.3ossl #usr/share/man/man3/X509_CERT_AUX_free.3ossl #usr/share/man/man3/X509_CERT_AUX_new.3ossl #usr/share/man/man3/X509_CINF_free.3ossl @@ -5826,9 +5873,14 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/X509_PUBKEY_set0_public_key.3ossl #usr/share/man/man3/X509_REQ_INFO_free.3ossl #usr/share/man/man3/X509_REQ_INFO_new.3ossl +#usr/share/man/man3/X509_REQ_add1_attr.3ossl +#usr/share/man/man3/X509_REQ_add1_attr_by_NID.3ossl +#usr/share/man/man3/X509_REQ_add1_attr_by_OBJ.3ossl +#usr/share/man/man3/X509_REQ_add1_attr_by_txt.3ossl #usr/share/man/man3/X509_REQ_add_extensions.3ossl #usr/share/man/man3/X509_REQ_add_extensions_nid.3ossl #usr/share/man/man3/X509_REQ_check_private_key.3ossl +#usr/share/man/man3/X509_REQ_delete_attr.3ossl #usr/share/man/man3/X509_REQ_digest.3ossl #usr/share/man/man3/X509_REQ_dup.3ossl #usr/share/man/man3/X509_REQ_free.3ossl 
@@ -5836,6 +5888,10 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/X509_REQ_get0_pubkey.3ossl #usr/share/man/man3/X509_REQ_get0_signature.3ossl #usr/share/man/man3/X509_REQ_get_X509_PUBKEY.3ossl +#usr/share/man/man3/X509_REQ_get_attr.3ossl +#usr/share/man/man3/X509_REQ_get_attr_by_NID.3ossl +#usr/share/man/man3/X509_REQ_get_attr_by_OBJ.3ossl +#usr/share/man/man3/X509_REQ_get_attr_count.3ossl #usr/share/man/man3/X509_REQ_get_extensions.3ossl #usr/share/man/man3/X509_REQ_get_pubkey.3ossl #usr/share/man/man3/X509_REQ_get_signature_nid.3ossl @@ -6126,6 +6182,16 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/X509_verify.3ossl #usr/share/man/man3/X509_verify_cert.3ossl #usr/share/man/man3/X509_verify_cert_error_string.3ossl +#usr/share/man/man3/X509at_add1_attr.3ossl +#usr/share/man/man3/X509at_add1_attr_by_NID.3ossl +#usr/share/man/man3/X509at_add1_attr_by_OBJ.3ossl +#usr/share/man/man3/X509at_add1_attr_by_txt.3ossl +#usr/share/man/man3/X509at_delete_attr.3ossl +#usr/share/man/man3/X509at_get0_data_by_OBJ.3ossl +#usr/share/man/man3/X509at_get_attr.3ossl +#usr/share/man/man3/X509at_get_attr_by_NID.3ossl +#usr/share/man/man3/X509at_get_attr_by_OBJ.3ossl +#usr/share/man/man3/X509at_get_attr_count.3ossl #usr/share/man/man3/X509v3_add_ext.3ossl #usr/share/man/man3/X509v3_delete_ext.3ossl #usr/share/man/man3/X509v3_get_ext.3ossl @@ -6598,9 +6664,12 @@ usr/lib/ossl-modules/legacy.so #usr/share/man/man3/lh_TYPE_error.3ossl #usr/share/man/man3/lh_TYPE_flush.3ossl #usr/share/man/man3/lh_TYPE_free.3ossl +#usr/share/man/man3/lh_TYPE_get_down_load.3ossl #usr/share/man/man3/lh_TYPE_insert.3ossl #usr/share/man/man3/lh_TYPE_new.3ossl +#usr/share/man/man3/lh_TYPE_num_items.3ossl #usr/share/man/man3/lh_TYPE_retrieve.3ossl +#usr/share/man/man3/lh_TYPE_set_down_load.3ossl #usr/share/man/man3/o2i_SCT.3ossl #usr/share/man/man3/o2i_SCT_LIST.3ossl #usr/share/man/man3/pem_password_cb.3ossl diff --git a/lfs/openssl b/lfs/openssl index 2a9de717a..695035742 100644 --- a/lfs/openssl 
+++ b/lfs/openssl @@ -24,7 +24,7 @@
include Config
-VER = 3.2.0 +VER = 3.2.1
THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -72,7 +72,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 776123929796d2eb0f3974bf6ee3a55df9187231632837576bf5ded7b5917f052683cdfc756693c1bee6fe1ffc7c3cb1ebcf833018d3caf51886f4f4e7a495f1 +$(DL_FILE)_BLAKE2 = 960222e0305166160e5ab000e29650b92063bf726551ee9ad46060166d99738d1e3a5b86fd28b14c8f4fb3a72f5aa70850defb87c02990acff3dbcbdac40b347
install : $(TARGET)
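Review bot: In the lfs/openssl hunk, the `$(DL_FILE)_BLAKE2` value is replaced together with `VER = 3.2.1`, but neither the commit message nor the patch says how the new digest was obtained. Please record in the commit message that the 3.2.1 tarball was checked against upstream's published checksum or signature before the BLAKE2 sum was computed, so the pinned value can be traced back to the upstream release and not only to the file fetched from `$(DL_FROM)`.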
-- 2.43.0
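Review bot: In config/rootfiles/common/openssl, every added line is a commented-out documentation path (`#usr/share/doc/openssl/html/man3/...` or `#usr/share/man/man3/...`), yet the commit message only says "Update of rootfile". Stating there that no shipped file (library, module or binary) is added or removed would let a reviewer confirm at a glance that the 3.2.0 to 3.2.1 bump leaves the installed paths unchanged.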