From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Wed, 04 Sep 2024 19:30:01 +0200 Received: from metis.whiteo.stw.pengutronix.de ([2a0a:edc0:2:b01:1d::104]) by lore.white.stw.pengutronix.de with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1sltpS-001I5z-1J for lore@lore.pengutronix.de; Wed, 04 Sep 2024 19:30:01 +0200 Received: from localhost ([127.0.0.1] helo=metis.whiteo.stw.pengutronix.de) by metis.whiteo.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1sltpR-0006GB-Ll; Wed, 04 Sep 2024 19:30:01 +0200 Received: from mail-vi1eur03on2115.outbound.protection.outlook.com ([40.107.103.115] helo=EUR03-VI1-obe.outbound.protection.outlook.com) by metis.whiteo.stw.pengutronix.de with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1sltpE-0006Cu-W8 for ptxdist@pengutronix.de; Wed, 04 Sep 2024 19:29:49 +0200 ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=WT2UV1HYKFbEiWdijTqp41hMLhdKni4ffcSfVKszkJQZDYZE6nQk0hhflBQl/JOiWfCogK9SA9JZ+d8Fd01zp8ab8IeT0HP5avQpp/YvtNTpJM3oY5NUw0ijsFxbTk/iy1VjkUd6Xx8FQQsWsH/d4Dun+6oKtBkP39T/P2qKYzYAIMj7KAvNu8P7hcFFcvP6KmBS6umxIhFnopeiQ2IMIIpqif1hSWHwkj5nhF9OMyZN57FKY2BLbTW2jM5ZTTvJXoL058HUKOZSl87YRne5xp4kxMUaRIzIwMaqfviK40jJDy0VoXJg+QSorPA+/aYK+Fj5gd0eKZIs/bTh7yr8TA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=uzZ8cOXRgwXb9H0SK1u89LDrMUuFI0ZXzIHuH22jJxw=; b=usmDVNnysowubhxU3ip3Nv0C4jYk45hEAj9OzlD1ILIXXwOjFL93gDSK+lcdmsUEuCwXnoeBp3nuUDMYCP84UYbEeFDGhGlHnYCNyuk+y1ojLLlC2FX/GCwrnxsvM8NIen4Mdewh+43MOVFeJU4KCwYn1GWi7aOsk2H5hDX+SXUNyNNMsQ1uC+jAWFE8ec8Y2aAeGSKy1cC36Af6NLJ1uHrrwCCEzYQ+ImWGfyPqFV5POAQXe7cPAoC0aetVGKIs4ol6EJZfEeYwpuV0IAcZDauGbqjJtVnxTxaVe5E/uyhLgp8VCdTubG7AbJxydFSjHCftSotoJMcN2rdVhpnF2A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=t2data.com; dmarc=pass action=none header.from=t2data.com; dkim=pass header.d=t2data.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=t2datacom.onmicrosoft.com; s=selector1-t2datacom-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uzZ8cOXRgwXb9H0SK1u89LDrMUuFI0ZXzIHuH22jJxw=; b=CVTlTBLp9dvsqzpfjG9URGoR5mtFUO8jN0HHX90iG0cHikfxP1+Q3O9sILbLcBmDVjXKKf8oTd9j/dXlfFW2a0PfD1NaBwzahBF0gasc9obN8xJxRxVCbUakp/m0g28v0YqT4w9uaCfKPcjtxzgX2uIj8Eekpfa0+Gz9G0icg2A= Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=t2data.com; Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) by DU0P251MB0851.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:3b9::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7918.27; Wed, 4 Sep 2024 17:29:45 +0000 Received: from DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::fe8d:f825:5b29:2903]) by DB9P251MB0618.EURP251.PROD.OUTLOOK.COM ([fe80::fe8d:f825:5b29:2903%7]) with mapi id 15.20.7918.024; Wed, 4 Sep 2024 17:29:45 +0000 From: Christian Melki To: ptxdist@pengutronix.de Date: Wed, 4 Sep 2024 19:29:39 +0200 Message-Id: <20240904172939.2400500-1-christian.melki@t2data.com> X-Mailer: git-send-email 2.34.1 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: GV3PEPF00002BB6.SWEP280.PROD.OUTLOOK.COM (2603:10a6:144:1:0:6:0:b) To DB9P251MB0618.EURP251.PROD.OUTLOOK.COM (2603:10a6:10:334::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DB9P251MB0618:EE_|DU0P251MB0851:EE_ X-MS-Office365-Filtering-Correlation-Id: ad7a18b6-0dff-4e49-4cb6-08dccd072b33 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; ARA:13230040|52116014|376014|366016|1800799024|38350700014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?pThf4chCJQXRsJgDGyoIxQ/+NjxbGvRa29pi7R55JtHfgcToBatF/RJv5MAr?= =?us-ascii?Q?RQwYOTkhRvT1B54zpuCoqqMoz9WjDkgR+1lS72NPVNxJi9sc0iL+EA7OGIuX?= =?us-ascii?Q?Mh4CCOw+h5i57Mi9nMfs0wpL2PEvCOKZqKrKpqWZu72zeaYGpVh9naOflQov?= =?us-ascii?Q?dggpGLOxD0jFfmyAB92MHIPzekFH63BdmXjvvJ0RDHr8KrK6SR3Vt4cyv6uU?= =?us-ascii?Q?eJsNjt/qluCPArS4iRykc7RjFeKUXuQUXrvrIcBIqZ8WCq5le6++EleMj16d?= =?us-ascii?Q?+9avYImdVBjeXGjJR5DwwlI+4o+pSu7RcsDm0NEoF402uzaC4sIuHsoqiVat?= =?us-ascii?Q?6Pkpv/H4b/EGygL45HRt1+fEuYN1itQommOBYA5+sUCAWzCVuLaAP2ljde35?= =?us-ascii?Q?q9vKQ67Yco3l2V2QbT11//WpfBixhxXqEFjCeK9BpRbKzDXZlvv/CxTKPWWk?= =?us-ascii?Q?ISLKbRlvLbRXcUgNfjBLyahP60dLKOvgPT3OkcVjV++I6QnS3pY1z2Gfv/99?= =?us-ascii?Q?9L9DZK1+Tpct3l498GXezFZCIdI36GOZDbrvtGOJfnr9Rih9a0AmgSyNwUHD?= =?us-ascii?Q?rnqU9LjBbvoWn0XtYTV/5B1SKl7lBJKJoHnCbXtH4sLWu+AUJhygJMDUGehT?= =?us-ascii?Q?h5UJhaR0xDaLk3vFjHIGPxZ2NIdTG1MF57muNEih0nPEUi6q6XrGhareZa9a?= =?us-ascii?Q?4cbnlEzwf9t4RMPNCJERwt7zHS8hK5iVC6gRKjToMeEXwP5k3DoEZudMeX55?= =?us-ascii?Q?cNjiWxdaCvGkrAtpWiplONwrkTC8ZcxSy6xTZo5hXexKTfYb9/EMhGMdRUwr?= =?us-ascii?Q?vYElOjvz940NrtZKYLyzK/bKGds5TcGbPX+vlhqLSHYhQpvvaTdr8rlCJ6JX?= =?us-ascii?Q?DbGY/SvhQHrAYaGd3NLBNG3CPr60U6cYo0xmLjLsX5boN1bP/dXSrO26dLJB?= =?us-ascii?Q?lT7kR1+ZR/rNEJDT5rGdkgh+uVG8EjEp99srnHwfMHGIBCbvhuGWJtQKgwZw?= =?us-ascii?Q?V9WaKFbMKMzimaQWDfhgLj53QcLpzLvPEj2235i0WE14BqTwiN1dWGYpgZei?= =?us-ascii?Q?YEReGgIUeK/CpDA1ZrGiHF9XpHGlwDaEZXnJ7cyodm1GiHDiabOmC+/ratWP?= =?us-ascii?Q?xaarzI6634tZabmIl4n+99aiYKpnFqMADQPOJFf6qvNeJoeYUibDFX3qj0vN?= =?us-ascii?Q?frwwI81FLc09SPXAGZqAX/avKibHNs/P50IxhogvwnPlUEbfwVjYIMS7zpQk?= =?us-ascii?Q?+/uNumMoWn/lMkYgMOu10MLAFRmvJgvSRosMC0z2JvCW8pI1p7ucnmspcct+?= =?us-ascii?Q?IG01FzeTx7UoRikSzN64Hg3b9Nfdr8T30Ce8Pl2o2EaEgFfQhFoSgKgqrg8h?= =?us-ascii?Q?4Qf/gmw=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB9P251MB0618.EURP251.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(13230040)(52116014)(376014)(366016)(1800799024)(38350700014); DIR:OUT; SFP:1102; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?7woRVqPo5qnKAglE64EiWtQ3hSHwaEqT+Zcc2M1tm5ECEWJwyzjkg2HiQ37u?= =?us-ascii?Q?CO+q6K4438dJEkRFUOtcwGPvyUMmfMxbbURp0QN62B6qoI3i6DXNyGZh4kXD?= =?us-ascii?Q?t/GwGbqZvtx/ls+TFAKGDKbCGj8nNxvmEQkASBuEQbsWP/4dOFnahTFViwQB?= =?us-ascii?Q?zoHVL86LKRDT+IhpECBJ7a9xjDQxyHjlOWTBQSV7p8Z44cvk4gouFFy+msXV?= =?us-ascii?Q?DcM9Wed9+2UyuzrgkLVv33obJpowp7XAJ4EJnPTe94HYcff58d8kjJXHXn6k?= =?us-ascii?Q?wAN3Wxo7NUfL4KWHwB3YtJZEGXaLye9U2wBU+pBFOydYSsGhbtvFktNnVqrW?= =?us-ascii?Q?X96i1ILPwJWy9KlHj/YEs20Ms+RIT2Z9pWzmARHBRZASCaKiSQ/ULMzEVMAD?= =?us-ascii?Q?o8weHKM1u7LsQEqUFSr80cFU3BM2FowvG8Hicsl6mLiE9x/3xFrfl3bzdcvM?= =?us-ascii?Q?ubX6fOszOuQwZctAPlbJMdmd9aArFNWX4rJy+LuPPI8ZJt5++/kKtXfdelTK?= =?us-ascii?Q?OjSGiQjfh3+Qw8l5+oq+5smut5iYKPmgbO92i969eVr69OVnZbIkIMsIpZIe?= =?us-ascii?Q?tfDu5mYlkIfCglWHrOO5LpR9/zmyjKzFnS/EPXW1E5qtsW16tMJufGtwHSSB?= =?us-ascii?Q?Jxmbm4pBPQWmsfF5Wq6okS0HkLRo132ZMf1QyG8xN3/2l7VX21ECfYpCh5at?= =?us-ascii?Q?qr5hsiCD0gnxX7s75sJJpE5f3gtw65toffuQL6okzq8PXfxTtQU0X2eJxVld?= =?us-ascii?Q?WGIUBp4CpJD07K5ZcUslMgXFMjYxddTetu8iVvrDhy/0BwiKA94Mddxg/hX1?= =?us-ascii?Q?4jXB6bWspgS2oZNSSuzwNvDBwVK9qy4uaSr0Qf369bi+cRrCcNQxCVDhr8UX?= =?us-ascii?Q?vxolvz3OIkULFvkvk8S/0ig5arl4TsKFkwWLXOASY6O2mk9p2dCqktOmfOcd?= =?us-ascii?Q?+GpEjkELgtJaX5e6mxI9+G71QgLKtUXpICDWezPrDbKeUi3y4M1aghnhgSDE?= =?us-ascii?Q?r797ZhjNomc3BHWdO/secJsoYy2MzmO1QKof2tkrr2lAXh5v5ADyKED8YJUz?= =?us-ascii?Q?wd2zy/oC6w8WuVT7XYhRv8yD0c6jN/Sqd9rrcGysAQ1fV08ykU7TIwyF0ijl?= =?us-ascii?Q?cyKlu5ggunQPyKUr77ix7oHxWMjY2BZRJc2SO5FGMZBu4pb6IvWuQZKoHGjZ?= =?us-ascii?Q?0hbu7jFlCbfANgFSx+V2ti8JagslUT5d4h8gE86E2T9dEcJcbtQobjaci3IG?= =?us-ascii?Q?FucfZAMN8GGtZ22CdU7deideIsGFAWfUYbvxUr7t4GoX+gR51noGYTZw8zhx?= =?us-ascii?Q?/RhfTJkF8zRNMimIEcEV7LXPoyL3G/awMEzAAlj6zXRrbUfEqSrLxCQxWbm3?= =?us-ascii?Q?5T78dR/BwrB48uTv+ND+ZVxZCELexel3b5d8NJtY7KXdpAfWeil73cZHMxSZ?= =?us-ascii?Q?FEM+THhoVdxbxVk4MeiIjnOOF14qX9D6TUul6ttEAq5RRd7y8qTD8ggfAii8?= =?us-ascii?Q?AQE1FPBVGmHHmL6zSYLQdZm6ujY05Xoov6ueSo04HzqvGSrXstXib6HYK14G?= =?us-ascii?Q?uTujhJttNK5C34uA2N04N+GL4woGF0wQXR8/xHWB9WakC0vVcXw0dL5gRb8I?= =?us-ascii?Q?Ow=3D=3D?= X-OriginatorOrg: t2data.com X-MS-Exchange-CrossTenant-Network-Message-Id: ad7a18b6-0dff-4e49-4cb6-08dccd072b33 X-MS-Exchange-CrossTenant-AuthSource: DB9P251MB0618.EURP251.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Sep 2024 17:29:45.4432 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 27928da5-aacd-4ba1-9566-c748a6863e6c X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Kn+jU7WnuIH1WblU3BeRmw1LwglWOrlArHdoRMuPY2xs8cBkpiTIU3HABOI6hI7tWOmPYb1kxpNeGBDkGOO4WEccBwxQyhogW6vkTcw/RKQ= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0P251MB0851 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on metis.whiteo.stw.pengutronix.de X-Spam-Level: X-Spam-Status: No, score=-2.1 required=4.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_MSPIKE_H2,RCVD_IN_VALIDITY_CERTIFIED_BLOCKED, RCVD_IN_VALIDITY_RPBL_BLOCKED,SPF_HELO_PASS,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Subject: [ptxdist] [PATCH] openssl: Version bump. 3.3.1 -> 3.3.2 X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.whiteo.stw.pengutronix.de); SAEximRunCond expanded to false Minor security fix release. https://github.com/openssl/openssl/blob/master/CHANGES.md#openssl-33 Plugs CVEs: CVE-2024-6119 - Possible denial of service in X.509 name checks CVE-2024-5535 - SSL_select_next_proto buffer overread * OpenSSL moved permanently redirect to github. New releases are not available any more at the old URLs. Add yet another URL to github. * Forward patches. Applies cleanly with a slight rework of offset. Signed-off-by: Christian Melki --- .../0001-debian-targets.patch | 0 patches/{openssl-3.3.1 => openssl-3.3.2}/0002-pic.patch | 0 ...nfigure-allow-to-enable-ktls-if-target-does-not-st.patch | 6 +++--- .../0004-conf-Serialize-allocation-free-of-ssl_names.patch | 0 ...nfigure-drop-fzero-call-used-regs-used-gpr-from-De.patch | 0 patches/{openssl-3.3.1 => openssl-3.3.2}/series | 0 rules/openssl.make | 5 +++-- 7 files changed, 6 insertions(+), 5 deletions(-) rename patches/{openssl-3.3.1 => openssl-3.3.2}/0001-debian-targets.patch (100%) rename patches/{openssl-3.3.1 => openssl-3.3.2}/0002-pic.patch (100%) rename patches/{openssl-3.3.1 => openssl-3.3.2}/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch (93%) rename patches/{openssl-3.3.1 => openssl-3.3.2}/0004-conf-Serialize-allocation-free-of-ssl_names.patch (100%) rename patches/{openssl-3.3.1 => openssl-3.3.2}/0005-Configure-drop-fzero-call-used-regs-used-gpr-from-De.patch (100%) rename patches/{openssl-3.3.1 => openssl-3.3.2}/series (100%) diff --git a/patches/openssl-3.3.1/0001-debian-targets.patch b/patches/openssl-3.3.2/0001-debian-targets.patch similarity index 100% rename from patches/openssl-3.3.1/0001-debian-targets.patch rename to patches/openssl-3.3.2/0001-debian-targets.patch diff --git a/patches/openssl-3.3.1/0002-pic.patch b/patches/openssl-3.3.2/0002-pic.patch similarity index 100% rename from patches/openssl-3.3.1/0002-pic.patch rename to patches/openssl-3.3.2/0002-pic.patch diff --git a/patches/openssl-3.3.1/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch b/patches/openssl-3.3.2/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch similarity index 93% rename from patches/openssl-3.3.1/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch rename to patches/openssl-3.3.2/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch index 0c49d752e..561cca3b6 100644 --- a/patches/openssl-3.3.1/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch +++ b/patches/openssl-3.3.2/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch @@ -28,7 +28,7 @@ Signed-off-by: Michael Olbrich 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf -index c9db9aac28eb..d5ea4737494f 100644 +index cba57b41273f..7fa3eeae412f 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -693,7 +693,7 @@ my %targets = ( @@ -41,10 +41,10 @@ index c9db9aac28eb..d5ea4737494f 100644 "linux-latomic" => { inherit_from => [ "linux-generic32" ], diff --git a/Configure b/Configure -index 3b6617c17719..eeb36812ae0f 100755 +index 238152b2901b..3c7e04a082eb 100755 --- a/Configure +++ b/Configure -@@ -1778,7 +1778,7 @@ unless ($disabled{devcryptoeng}) { +@@ -1777,7 +1777,7 @@ unless ($disabled{devcryptoeng}) { unless ($disabled{ktls}) { $config{ktls}=""; my $cc = $config{CROSS_COMPILE}.$config{CC}; diff --git a/patches/openssl-3.3.1/0004-conf-Serialize-allocation-free-of-ssl_names.patch b/patches/openssl-3.3.2/0004-conf-Serialize-allocation-free-of-ssl_names.patch similarity index 100% rename from patches/openssl-3.3.1/0004-conf-Serialize-allocation-free-of-ssl_names.patch rename to patches/openssl-3.3.2/0004-conf-Serialize-allocation-free-of-ssl_names.patch diff --git a/patches/openssl-3.3.1/0005-Configure-drop-fzero-call-used-regs-used-gpr-from-De.patch b/patches/openssl-3.3.2/0005-Configure-drop-fzero-call-used-regs-used-gpr-from-De.patch similarity index 100% rename from patches/openssl-3.3.1/0005-Configure-drop-fzero-call-used-regs-used-gpr-from-De.patch rename to patches/openssl-3.3.2/0005-Configure-drop-fzero-call-used-regs-used-gpr-from-De.patch diff --git a/patches/openssl-3.3.1/series b/patches/openssl-3.3.2/series similarity index 100% rename from patches/openssl-3.3.1/series rename to patches/openssl-3.3.2/series diff --git a/rules/openssl.make b/rules/openssl.make index 066437c9b..b8ca897ab 100644 --- a/rules/openssl.make +++ b/rules/openssl.make @@ -16,11 +16,12 @@ PACKAGES-$(PTXCONF_OPENSSL) += openssl # # Paths and names # -OPENSSL_VERSION := 3.3.1 -OPENSSL_MD5 := 8a4342b399c18f870ca6186299195984 +OPENSSL_VERSION := 3.3.2 +OPENSSL_MD5 := 015fca2692596560b6fe8a2d8fecd84b OPENSSL := openssl-$(OPENSSL_VERSION) OPENSSL_SUFFIX := tar.gz OPENSSL_URL := \ + https://github.com/openssl/openssl/releases/download/$(OPENSSL)/$(OPENSSL).$(OPENSSL_SUFFIX) \ https://www.openssl.org/source/$(OPENSSL).$(OPENSSL_SUFFIX) \ https://www.openssl.org/source/old/$(basename $(OPENSSL_VERSION))/$(OPENSSL).$(OPENSSL_SUFFIX) OPENSSL_SOURCE := $(SRCDIR)/$(OPENSSL).$(OPENSSL_SUFFIX) -- 2.34.1