Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/libopenssl: security bump version to 3.3.2
@ 2024-09-04  5:37 Bernd Kuhls
  2024-09-05  6:05 ` Peter Korsgaard
  2024-09-18 20:56 ` Peter Korsgaard
  0 siblings, 2 replies; 4+ messages in thread
From: Bernd Kuhls @ 2024-09-04  5:37 UTC (permalink / raw)
  To: buildroot

Fixes CVE-2024-6119 & CVE-2024-5535:
https://openssl-library.org/news/openssl-3.3-notes/index.html

Updated _SITE and project URL according to
https://openssl-library.org/post/2024-04-30-releases-distribution-changes/

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
---
 package/libopenssl/libopenssl.hash | 4 ++--
 package/libopenssl/libopenssl.mk   | 4 ++--
 package/openssl/Config.in          | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package/libopenssl/libopenssl.hash b/package/libopenssl/libopenssl.hash
index dd1c99f7a7..52fce1eb3a 100644
--- a/package/libopenssl/libopenssl.hash
+++ b/package/libopenssl/libopenssl.hash
@@ -1,5 +1,5 @@
-# From https://www.openssl.org/source/openssl-3.3.1.tar.gz.sha256
-sha256  777cd596284c883375a2a7a11bf5d2786fc5413255efab20c50d6ffe6d020b7e  openssl-3.3.1.tar.gz
+# From https://github.com/openssl/openssl/releases/download/openssl-3.3.2/openssl-3.3.2.tar.gz.sha256
+sha256  2e8a40b01979afe8be0bbfb3de5dc1c6709fedb46d6c89c10da114ab5fc3d281  openssl-3.3.2.tar.gz
 
 # License files
 sha256  7d5450cb2d142651b8afa315b5f238efc805dad827d91ba367d8516bc9d49e7a  LICENSE.txt
diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk
index 89a9189bb8..82b924c557 100644
--- a/package/libopenssl/libopenssl.mk
+++ b/package/libopenssl/libopenssl.mk
@@ -4,8 +4,8 @@
 #
 ################################################################################
 
-LIBOPENSSL_VERSION = 3.3.1
-LIBOPENSSL_SITE = https://www.openssl.org/source
+LIBOPENSSL_VERSION = 3.3.2
+LIBOPENSSL_SITE = https://github.com/openssl/openssl/releases/download/openssl-$(LIBOPENSSL_VERSION)
 LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
 LIBOPENSSL_LICENSE = Apache-2.0
 LIBOPENSSL_LICENSE_FILES = LICENSE.txt
diff --git a/package/openssl/Config.in b/package/openssl/Config.in
index 30db152fad..d255a05596 100644
--- a/package/openssl/Config.in
+++ b/package/openssl/Config.in
@@ -35,7 +35,7 @@ config BR2_PACKAGE_LIBOPENSSL
 	  (TLS v1) as well as a full-strength general-purpose
 	  cryptography library.
 
-	  http://www.openssl.org/
+	  https://openssl-library.org/
 
 	  Note: Some helper scripts need perl.
 
-- 
2.39.2

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libopenssl: security bump version to 3.3.2
  2024-09-04  5:37 [Buildroot] [PATCH 1/1] package/libopenssl: security bump version to 3.3.2 Bernd Kuhls
@ 2024-09-05  6:05 ` Peter Korsgaard
  2024-09-05 20:44   ` Thomas Petazzoni via buildroot
  2024-09-18 20:56 ` Peter Korsgaard
  1 sibling, 1 reply; 4+ messages in thread
From: Peter Korsgaard @ 2024-09-05  6:05 UTC (permalink / raw)
  To: Bernd Kuhls; +Cc: buildroot

>>>>> "Bernd" == Bernd Kuhls <bernd@kuhls.net> writes:

 > Fixes CVE-2024-6119 & CVE-2024-5535:
 > https://openssl-library.org/news/openssl-3.3-notes/index.html

 > Updated _SITE and project URL according to
 > https://openssl-library.org/post/2024-04-30-releases-distribution-changes/

 > Signed-off-by: Bernd Kuhls <bernd@kuhls.net>

I sent a similar patch Tuesday, but it apparently hasn't made it to the
list yet.

Committed after extending the CVE info, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libopenssl: security bump version to 3.3.2
  2024-09-05  6:05 ` Peter Korsgaard
@ 2024-09-05 20:44   ` Thomas Petazzoni via buildroot
  0 siblings, 0 replies; 4+ messages in thread
From: Thomas Petazzoni via buildroot @ 2024-09-05 20:44 UTC (permalink / raw)
  To: Peter Korsgaard; +Cc: Bernd Kuhls, buildroot

On Thu, 05 Sep 2024 08:05:57 +0200
Peter Korsgaard <peter@korsgaard.com> wrote:

> I sent a similar patch Tuesday, but it apparently hasn't made it to the
> list yet.

It was on the list and in patchwork. So I marked your older patch as
not applicable.

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/libopenssl: security bump version to 3.3.2
  2024-09-04  5:37 [Buildroot] [PATCH 1/1] package/libopenssl: security bump version to 3.3.2 Bernd Kuhls
  2024-09-05  6:05 ` Peter Korsgaard
@ 2024-09-18 20:56 ` Peter Korsgaard
  1 sibling, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2024-09-18 20:56 UTC (permalink / raw)
  To: Bernd Kuhls; +Cc: buildroot

>>>>> "Bernd" == Bernd Kuhls <bernd@kuhls.net> writes:

 > Fixes CVE-2024-6119 & CVE-2024-5535:
 > https://openssl-library.org/news/openssl-3.3-notes/index.html

 > Updated _SITE and project URL according to
 > https://openssl-library.org/post/2024-04-30-releases-distribution-changes/

 > Signed-off-by: Bernd Kuhls <bernd@kuhls.net>

For 2024.02.x I will instead bump to version 3.2.3.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-09-18 20:56 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-09-04  5:37 [Buildroot] [PATCH 1/1] package/libopenssl: security bump version to 3.3.2 Bernd Kuhls
2024-09-05  6:05 ` Peter Korsgaard
2024-09-05 20:44   ` Thomas Petazzoni via buildroot
2024-09-18 20:56 ` Peter Korsgaard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox