* [Buildroot] [PATCH 1/1] package/libopenssl: security bump to version 1.0.2m
@ 2017-11-03 18:33 Bernd Kuhls
2017-11-03 20:56 ` Thomas Petazzoni
2017-11-26 19:22 ` Peter Korsgaard
0 siblings, 2 replies; 3+ messages in thread
From: Bernd Kuhls @ 2017-11-03 18:33 UTC (permalink / raw)
To: buildroot
Fixes the following CVEs:
bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
Release notes: https://www.openssl.org/news/secadv/20171102.txt
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
package/libopenssl/libopenssl.hash | 4 ++--
package/libopenssl/libopenssl.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/libopenssl/libopenssl.hash b/package/libopenssl/libopenssl.hash
index da911c5ce9..c6226c302f 100644
--- a/package/libopenssl/libopenssl.hash
+++ b/package/libopenssl/libopenssl.hash
@@ -1,5 +1,5 @@
-# From https://www.openssl.org/source/openssl-1.0.2l.tar.gz.sha256
-sha256 ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c openssl-1.0.2l.tar.gz
+# From https://www.openssl.org/source/openssl-1.0.2m.tar.gz.sha256
+sha256 8c6ff15ec6b319b50788f42c7abc2890c08ba5a1cdcd3810eb9092deada37b0f openssl-1.0.2m.tar.gz
# Locally computed
sha256 eddd8a5123748052c598214487ac178e4bfa4e31ba2ec520c70d59c8c5bfa2e9 openssl-1.0.2a-parallel-install-dirs.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
sha256 147c3eeaad614c044749ea527cb433eae5e2d5cad34a78c6ba61cd967bfbe01f openssl-1.0.2a-parallel-obj-headers.patch?id=c8abcbe8de5d3b6cdd68c162f398c011ff6e2d9d
diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk
index 90cff585f8..8cccb9c606 100644
--- a/package/libopenssl/libopenssl.mk
+++ b/package/libopenssl/libopenssl.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBOPENSSL_VERSION = 1.0.2l
+LIBOPENSSL_VERSION = 1.0.2m
LIBOPENSSL_SITE = http://www.openssl.org/source
LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
LIBOPENSSL_LICENSE = OpenSSL or SSLeay
--
2.11.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] package/libopenssl: security bump to version 1.0.2m
2017-11-03 18:33 [Buildroot] [PATCH 1/1] package/libopenssl: security bump to version 1.0.2m Bernd Kuhls
@ 2017-11-03 20:56 ` Thomas Petazzoni
2017-11-26 19:22 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni @ 2017-11-03 20:56 UTC (permalink / raw)
To: buildroot
Hello,
On Fri, 3 Nov 2017 19:33:59 +0100, Bernd Kuhls wrote:
> Fixes the following CVEs:
> bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
> Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
>
> Release notes: https://www.openssl.org/news/secadv/20171102.txt
>
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
> ---
> package/libopenssl/libopenssl.hash | 4 ++--
> package/libopenssl/libopenssl.mk | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* [Buildroot] [PATCH 1/1] package/libopenssl: security bump to version 1.0.2m
2017-11-03 18:33 [Buildroot] [PATCH 1/1] package/libopenssl: security bump to version 1.0.2m Bernd Kuhls
2017-11-03 20:56 ` Thomas Petazzoni
@ 2017-11-26 19:22 ` Peter Korsgaard
1 sibling, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2017-11-26 19:22 UTC (permalink / raw)
To: buildroot
>>>>> "Bernd" == Bernd Kuhls <bernd.kuhls@t-online.de> writes:
> Fixes the following CVEs:
> bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
> Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
> Release notes: https://www.openssl.org/news/secadv/20171102.txt
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Committed to 2017.02.x and 2017.08.x after s/libopenssl/openssl/, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-11-26 19:22 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-11-03 18:33 [Buildroot] [PATCH 1/1] package/libopenssl: security bump to version 1.0.2m Bernd Kuhls
2017-11-03 20:56 ` Thomas Petazzoni
2017-11-26 19:22 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox