- Update from version 1.1.1q to 1.1.1s - Update of rootfile - Changelog Changes between 1.1.1r and 1.1.1s [1 Nov 2022] *) Fixed a regression introduced in 1.1.1r version not refreshing the certificate data to be signed before signing the certificate. Changes between 1.1.1q and 1.1.1r [11 Oct 2022] *) Fixed the linux-mips64 Configure target which was missing the SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that platform. *) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was causing incorrect results in some cases as a result. *) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to report correct results in some cases *) Fixed a regression introduced in 1.1.1o for re-signing certificates with different key sizes *) Added the loongarch64 target *) Fixed a DRBG seed propagation thread safety issue *) Fixed a memory leak in tls13_generate_secret *) Fixed reported performance degradation on aarch64. Restored the implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode") for 64bit targets only, since it is reportedly 2-17% slower and the silicon errata only affects 32bit targets. The new algorithm is still used for 32 bit targets. *) Added a missing header for memcmp that caused compilation failure on some platforms
Signed-off-by: Adolf Belka adolf.belka@ipfire.org --- config/rootfiles/common/openssl | 4 ++++ lfs/openssl | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/openssl index bb7e6f65c..ea672ffac 100644 --- a/config/rootfiles/common/openssl +++ b/config/rootfiles/common/openssl @@ -2329,6 +2329,8 @@ usr/lib/libssl.so.1.1 #usr/share/doc/openssl/html/man3/PKCS7_SIGNER_INFO_new.html #usr/share/doc/openssl/html/man3/PKCS7_SIGN_ENVELOPE_free.html #usr/share/doc/openssl/html/man3/PKCS7_SIGN_ENVELOPE_new.html +#usr/share/doc/openssl/html/man3/PKCS7_add_certificate.html +#usr/share/doc/openssl/html/man3/PKCS7_add_crl.html #usr/share/doc/openssl/html/man3/PKCS7_decrypt.html #usr/share/doc/openssl/html/man3/PKCS7_dup.html #usr/share/doc/openssl/html/man3/PKCS7_encrypt.html @@ -6314,6 +6316,8 @@ usr/lib/libssl.so.1.1 #usr/share/man/man3/PKCS7_SIGNER_INFO_new.3 #usr/share/man/man3/PKCS7_SIGN_ENVELOPE_free.3 #usr/share/man/man3/PKCS7_SIGN_ENVELOPE_new.3 +#usr/share/man/man3/PKCS7_add_certificate.3 +#usr/share/man/man3/PKCS7_add_crl.3 #usr/share/man/man3/PKCS7_decrypt.3 #usr/share/man/man3/PKCS7_dup.3 #usr/share/man/man3/PKCS7_encrypt.3 diff --git a/lfs/openssl b/lfs/openssl index 28a92a6b3..d456577fa 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -24,7 +24,7 @@
include Config
-VER = 1.1.1q +VER = 1.1.1s
THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -74,7 +74,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = fc8fd6a62dc291d0bda328a051e253175fb04442cc4b8f45d67c3a5027748a0fc5fb372d0483bc9024ae0bff119c4fac8f1e982a182612427696d6d09f5935f5 +$(DL_FILE)_BLAKE2 = ecd19eaf84dbc80448b51651abe52a89cc0052f024537959c4ebe61528988f235d661244fce6967159a876dd038c817bad19df742e828ca1cbae97ce6a4124bb
install : $(TARGET)
Reviewed-by: Michael Tremer michael.tremer@ipfire.org
On 18 Nov 2022, at 22:51, Adolf Belka adolf.belka@ipfire.org wrote:
- Update from version 1.1.1q to 1.1.1s
- Update of rootfile
- Changelog Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
*) Fixed a regression introduced in 1.1.1r version not refreshing the certificate data to be signed before signing the certificate. Changes between 1.1.1q and 1.1.1r [11 Oct 2022] *) Fixed the linux-mips64 Configure target which was missing the SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that platform. *) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was causing incorrect results in some cases as a result. *) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to report correct results in some cases *) Fixed a regression introduced in 1.1.1o for re-signing certificates with different key sizes *) Added the loongarch64 target *) Fixed a DRBG seed propagation thread safety issue *) Fixed a memory leak in tls13_generate_secret *) Fixed reported performance degradation on aarch64. Restored the implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid 32-bit lane assignment in CTR mode") for 64bit targets only, since it is reportedly 2-17% slower and the silicon errata only affects 32bit targets. The new algorithm is still used for 32 bit targets. *) Added a missing header for memcmp that caused compilation failure on some platforms
Signed-off-by: Adolf Belka adolf.belka@ipfire.org
config/rootfiles/common/openssl | 4 ++++ lfs/openssl | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/config/rootfiles/common/openssl b/config/rootfiles/common/openssl index bb7e6f65c..ea672ffac 100644 --- a/config/rootfiles/common/openssl +++ b/config/rootfiles/common/openssl @@ -2329,6 +2329,8 @@ usr/lib/libssl.so.1.1 #usr/share/doc/openssl/html/man3/PKCS7_SIGNER_INFO_new.html #usr/share/doc/openssl/html/man3/PKCS7_SIGN_ENVELOPE_free.html #usr/share/doc/openssl/html/man3/PKCS7_SIGN_ENVELOPE_new.html +#usr/share/doc/openssl/html/man3/PKCS7_add_certificate.html +#usr/share/doc/openssl/html/man3/PKCS7_add_crl.html #usr/share/doc/openssl/html/man3/PKCS7_decrypt.html #usr/share/doc/openssl/html/man3/PKCS7_dup.html #usr/share/doc/openssl/html/man3/PKCS7_encrypt.html @@ -6314,6 +6316,8 @@ usr/lib/libssl.so.1.1 #usr/share/man/man3/PKCS7_SIGNER_INFO_new.3 #usr/share/man/man3/PKCS7_SIGN_ENVELOPE_free.3 #usr/share/man/man3/PKCS7_SIGN_ENVELOPE_new.3 +#usr/share/man/man3/PKCS7_add_certificate.3 +#usr/share/man/man3/PKCS7_add_crl.3 #usr/share/man/man3/PKCS7_decrypt.3 #usr/share/man/man3/PKCS7_dup.3 #usr/share/man/man3/PKCS7_encrypt.3 diff --git a/lfs/openssl b/lfs/openssl index 28a92a6b3..d456577fa 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -24,7 +24,7 @@
include Config
-VER = 1.1.1q +VER = 1.1.1s
THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -74,7 +74,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = fc8fd6a62dc291d0bda328a051e253175fb04442cc4b8f45d67c3a5027748a0fc5fb372d0483bc9024ae0bff119c4fac8f1e982a182612427696d6d09f5935f5 +$(DL_FILE)_BLAKE2 = ecd19eaf84dbc80448b51651abe52a89cc0052f024537959c4ebe61528988f235d661244fce6967159a876dd038c817bad19df742e828ca1cbae97ce6a4124bb
install : $(TARGET)
-- 2.38.1
-
Adolf Belka -
Michael Tremer