From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 7eaef905a8aa14b0f8bd06bb85c681811a892237 Date: Wed, 08 Feb 2023 11:18:15 +0000 Message-ID: <4PBctc2WSqz2xp9@people01.haj.ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7055174971708489661==" List-Id: --===============7055174971708489661== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 7eaef905a8aa14b0f8bd06bb85c681811a892237 (commit) via b5282bf06718d83f54761e7c46b14adb3b72e629 (commit) from 1c3b87d4124402b5a56145770284af0091afdfb5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7eaef905a8aa14b0f8bd06bb85c681811a892237 Author: Michael Tremer Date: Wed Feb 8 11:13:30 2023 +0000 openssl: Update to 1.1.1t =20 *) Fixed X.400 address type confusion in X.509 GeneralName. =20 There is a type confusion vulnerability relating to X.400 address pr= ocessing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_= STRING but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. Th= is vulnerability may allow an attacker who can provide a certificate ch= ain and CRL (neither of which need have a valid signature) to pass arbitrary pointers to a memcmp call, creating a possible read primitive, subje= ct to some constraints. Refer to the advisory for more information. Thanks= to David Benjamin for discovering this issue. (CVE-2023-0286) =20 This issue has been fixed by changing the public header file definit= ion of GENERAL_NAME so that x400Address reflects the implementation. It was= not possible for any existing application to successfully use the existi= ng definition; however, if any application references the x400Address f= ield (e.g. in dead code), note that the type of this field has changed. T= here is no ABI change. [Hugo Landau] =20 *) Fixed Use-after-free following BIO_new_NDEF. =20 The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to O= penSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may = also be called directly by end user applications. =20 The function receives a BIO from the caller, prepends a new BIO_f_as= n1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain condition= s, for example if a CMS recipient public key is invalid, the new filter= BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and = the BIO passed by the caller still retains internal pointers to the prev= iously freed filter BIO. If the caller then goes on to call BIO_pop() on th= e BIO then a use-after-free will occur. This will most likely result in a = crash. (CVE-2023-0215) [Viktor Dukhovni, Matt Caswell] =20 *) Fixed Double free after calling PEM_read_bio_ex. =20 The function PEM_read_bio_ex() reads a PEM file from a BIO and parse= s and decodes the "name" (e.g. "CERTIFICATE"), any header data and the pay= load data. If the function succeeds then the "name_out", "header" and "da= ta" arguments are populated with pointers to buffers containing the rele= vant decoded data. The caller is responsible for freeing those buffers. I= t is possible to construct a PEM file that results in 0 bytes of payload = data. In this case PEM_read_bio_ex() will return a failure code but will p= opulate the header argument with a pointer to a buffer that has already been= freed. If the caller also frees this buffer then a double free will occur. = This will most likely lead to a crash. =20 The functions PEM_read_bio() and PEM_read() are simple wrappers arou= nd PEM_read_bio_ex() and therefore these functions are also directly af= fected. =20 These functions are also called indirectly by a number of other Open= SSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the call= er does not free the header argument if PEM_read_bio_ex() returns a failure = code. (CVE-2022-4450) [Kurt Roeckx, Matt Caswell] =20 *) Fixed Timing Oracle in RSA Decryption. =20 A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext acro= ss a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large nu= mber of trial messages for decryption. The vulnerability affects all RSA = padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. (CVE-2022-4304) [Dmitry Belyavsky, Hubert Kario] =20 Signed-off-by: Michael Tremer commit b5282bf06718d83f54761e7c46b14adb3b72e629 Author: Arne Fitzenreiter Date: Tue Feb 7 22:15:11 2023 +0000 kernel: update to 6.1.10 =20 Signed-off-by: Arne Fitzenreiter Signed-off-by: Michael Tremer ----------------------------------------------------------------------- Summary of changes: config/rootfiles/{oldcore/100 =3D> core/173}/filelists/openssl | 0 lfs/linux | 4 ++-- lfs/openssl | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) copy config/rootfiles/{oldcore/100 =3D> core/173}/filelists/openssl (100%) Difference in files: diff --git a/config/rootfiles/core/173/filelists/openssl b/config/rootfiles/c= ore/173/filelists/openssl new file mode 120000 index 000000000..e011a9266 --- /dev/null +++ b/config/rootfiles/core/173/filelists/openssl @@ -0,0 +1 @@ +../../../common/openssl \ No newline at end of file diff --git a/lfs/linux b/lfs/linux index 35e5cc05e..ed82b0a7a 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 6.1.9 +VER =3D 6.1.10 ARM_PATCHES =3D 6.1.y-ipfire0 =20 THISAPP =3D linux-$(VER) @@ -78,7 +78,7 @@ objects =3D$(DL_FILE) \ $(DL_FILE) =3D $(URL_IPFIRE)/$(DL_FILE) arm-multi-patches-$(ARM_PATCHES).patch.xz =3D $(URL_IPFIRE)/arm-multi-patche= s-$(ARM_PATCHES).patch.xz =20 -$(DL_FILE)_BLAKE2 =3D 6e511381b4e189bad3722ef8ac3a178e24f60c78e1614b1131f2ba= 000c452ad447d9c9ab028fa1d150188084aed36572188d8cb9d416409c4391c3be583952fa +$(DL_FILE)_BLAKE2 =3D 926c499eb3260e4358b8112785e7be74062aca54b4d5c21d2729ef= c81329ae168c461d32f54061d8db05a12cac45b63ca97b74084a8af8138f547c3a2fc2d947 arm-multi-patches-$(ARM_PATCHES).patch.xz_BLAKE2 =3D 3ef9a778c5c41ee8bf2942a= 48f63b21228a632a2910d2123f01155bbf571592898cffffa61c387a5a6c817b62e458947b4c4= 06c6591b23b5401faa47b020337f =20 install : $(TARGET) diff --git a/lfs/openssl b/lfs/openssl index a6384009e..fe197d376 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 1.1.1s +VER =3D 1.1.1t =20 THISAPP =3D openssl-$(VER) DL_FILE =3D $(THISAPP).tar.gz @@ -74,7 +74,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_BLAKE2 =3D ecd19eaf84dbc80448b51651abe52a89cc0052f024537959c4ebe6= 1528988f235d661244fce6967159a876dd038c817bad19df742e828ca1cbae97ce6a4124bb +$(DL_FILE)_BLAKE2 =3D 66d76ea0c05a4afc3104e22602cffc2373e857728625d31ab32448= 81cafa91c099a817a09def7746bce4133585bfc90b769f43527e77a81ed13e60a8c2fb4d8d =20 install : $(TARGET) =20 hooks/post-receive -- IPFire 2.x development tree --===============7055174971708489661==--