From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Fri, 02 Jun 2023 15:53:39 +0200 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1q55Do-007PHa-Oa for lore@lore.pengutronix.de; Fri, 02 Jun 2023 15:53:39 +0200 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1q55Dm-0003Fp-Qj; Fri, 02 Jun 2023 15:53:38 +0200 Received: from drehscheibe.grey.stw.pengutronix.de ([2a0a:edc0:0:c01:1d::a2]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1q55DG-0003FU-2I; Fri, 02 Jun 2023 15:53:06 +0200 Received: from [2a0a:edc0:0:1101:1d::54] (helo=dude05.red.stw.pengutronix.de) by drehscheibe.grey.stw.pengutronix.de with esmtp (Exim 4.94.2) (envelope-from ) id 1q55DF-004bAt-9s; Fri, 02 Jun 2023 15:53:05 +0200 Received: from mol by dude05.red.stw.pengutronix.de with local (Exim 4.94.2) (envelope-from ) id 1q55DE-002jhC-He; Fri, 02 Jun 2023 15:53:04 +0200 From: Michael Olbrich To: ptxdist@pengutronix.de Date: Fri, 2 Jun 2023 15:53:04 +0200 Message-Id: <20230602135304.652280-1-m.olbrich@pengutronix.de> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230601170940.148580-1-christian.melki@t2data.com> References: <20230601170940.148580-1-christian.melki@t2data.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Subject: Re: [ptxdist] [APPLIED] openssl: Version bump. 3.1.0 -> 3.1.1 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Cc: Christian Melki Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false Thanks, applied as 4f65114a90568dfe0bcc6c9ba43d7698a97d65c4. Michael [sent from post-receive hook] On Fri, 02 Jun 2023 15:53:04 +0200, Christian Melki wrote: > Minor fixes. > https://www.openssl.org/news/cl31.txt > > https://www.openssl.org/news/vulnerabilities-3.1.html > Fixes five CVEs (Moderate to low severity). > CVE-2023-2650 - Possible DoS translating ASN.1 object identifiers > CVE-2023-0465 - Invalid certificate policies in leaf certificates are silently ignored > CVE-2023-1255 - Input buffer over-read in AES-XTS implementation on 64 bit ARM > CVE-2023-0466 - Certificate policy check not enabled > CVE-2023-0464 - Excessive Resource Usage Verifying X.509 Policy Constraints > > * Forward patches. Applies cleanly. > And still looks about the same from the debian origin in their 3.1.1. > > Signed-off-by: Christian Melki > Message-Id: <20230601170940.148580-1-christian.melki@t2data.com> > Signed-off-by: Michael Olbrich > > diff --git a/patches/openssl-3.1.0/0001-debian-targets.patch b/patches/openssl-3.1.1/0001-debian-targets.patch > similarity index 100% > rename from patches/openssl-3.1.0/0001-debian-targets.patch > rename to patches/openssl-3.1.1/0001-debian-targets.patch > diff --git a/patches/openssl-3.1.0/0002-pic.patch b/patches/openssl-3.1.1/0002-pic.patch > similarity index 100% > rename from patches/openssl-3.1.0/0002-pic.patch > rename to patches/openssl-3.1.1/0002-pic.patch > diff --git a/patches/openssl-3.1.0/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch b/patches/openssl-3.1.1/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch > similarity index 100% > rename from patches/openssl-3.1.0/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch > rename to patches/openssl-3.1.1/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch > diff --git a/patches/openssl-3.1.0/0004-conf-Serialize-allocation-free-of-ssl_names.patch b/patches/openssl-3.1.1/0004-conf-Serialize-allocation-free-of-ssl_names.patch > similarity index 100% > rename from patches/openssl-3.1.0/0004-conf-Serialize-allocation-free-of-ssl_names.patch > rename to patches/openssl-3.1.1/0004-conf-Serialize-allocation-free-of-ssl_names.patch > diff --git a/patches/openssl-3.1.0/0005-Configure-drop-fzero-call-used-regs-used-gpr-from-De.patch b/patches/openssl-3.1.1/0005-Configure-drop-fzero-call-used-regs-used-gpr-from-De.patch > similarity index 100% > rename from patches/openssl-3.1.0/0005-Configure-drop-fzero-call-used-regs-used-gpr-from-De.patch > rename to patches/openssl-3.1.1/0005-Configure-drop-fzero-call-used-regs-used-gpr-from-De.patch > diff --git a/patches/openssl-3.1.0/series b/patches/openssl-3.1.1/series > similarity index 100% > rename from patches/openssl-3.1.0/series > rename to patches/openssl-3.1.1/series > diff --git a/rules/openssl.make b/rules/openssl.make > index f4fb408d1abe..e292cd3076fa 100644 > --- a/rules/openssl.make > +++ b/rules/openssl.make > @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_OPENSSL) += openssl > # > # Paths and names > # > -OPENSSL_VERSION := 3.1.0 > -OPENSSL_MD5 := f6c520aa2206d4d1fa71ea30b5e9a56d > +OPENSSL_VERSION := 3.1.1 > +OPENSSL_MD5 := 1864b75e31fb4a6e0a07fd832529add3 > OPENSSL := openssl-$(OPENSSL_VERSION) > OPENSSL_SUFFIX := tar.gz > OPENSSL_URL := \