[Buildroot] [PATCH] package/libopenssl: security bump to version 1.1.1u

[Buildroot] [PATCH] package/libopenssl: security bump to version 1.1.1u

[Francois Perrad]

fix CVE-2023-2650  Possible DoS translating ASN.1 object identifiers

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
---
 ...Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch | 2 +-
 ...Configure-use-ELFv2-ABI-on-some-ppc64-big-endian-sys.patch | 2 +-
 .../0007-Fixup-support-for-io_pgetevents_time64-syscall.patch | 2 +-
 package/libopenssl/libopenssl.hash                            | 4 ++--
 package/libopenssl/libopenssl.mk                              | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/package/libopenssl/0003-Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch b/package/libopenssl/0003-Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch
index c51a3cd684..ef40b0353a 100644
--- a/package/libopenssl/0003-Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch
+++ b/package/libopenssl/0003-Introduce-the-OPENSSL_NO_MADVISE-to-disable-call-to-.patch
@@ -13,7 +13,7 @@ diff --git a/crypto/mem_sec.c b/crypto/mem_sec.c
 index 9e0f670..32c7282 100644
 --- a/crypto/mem_sec.c
 +++ b/crypto/mem_sec.c
-@@ -485,7 +485,7 @@ static int sh_init(size_t size, int minsize)
+@@ -491,7 +491,7 @@ static int sh_init(size_t size, int minsize)
      if (mlock(sh.arena, sh.arena_size) < 0)
          ret = 2;
  #endif
diff --git a/package/libopenssl/0004-Configure-use-ELFv2-ABI-on-some-ppc64-big-endian-sys.patch b/package/libopenssl/0004-Configure-use-ELFv2-ABI-on-some-ppc64-big-endian-sys.patch
index b5070ad74c..9f34e1f5fb 100644
--- a/package/libopenssl/0004-Configure-use-ELFv2-ABI-on-some-ppc64-big-endian-sys.patch
+++ b/package/libopenssl/0004-Configure-use-ELFv2-ABI-on-some-ppc64-big-endian-sys.patch
@@ -21,7 +21,7 @@ diff --git a/Configure b/Configure
 index 5a699836f3..f9152b1702 100755
 --- a/Configure
 +++ b/Configure
-@@ -1417,6 +1417,10 @@ my %predefined_CXX = $config{CXX}
+@@ -1424,6 +1424,10 @@ my %predefined_CXX = $config{CXX}
      ? compiler_predefined($config{CROSS_COMPILE}.$config{CXX})
      : ();
  
diff --git a/package/libopenssl/0007-Fixup-support-for-io_pgetevents_time64-syscall.patch b/package/libopenssl/0007-Fixup-support-for-io_pgetevents_time64-syscall.patch
index 4313eecd6d..7b003e4836 100644
--- a/package/libopenssl/0007-Fixup-support-for-io_pgetevents_time64-syscall.patch
+++ b/package/libopenssl/0007-Fixup-support-for-io_pgetevents_time64-syscall.patch
@@ -23,7 +23,7 @@ diff --git a/engines/e_afalg.c b/engines/e_afalg.c
 index 9480d7c24b..4e9d67db2d 100644
 --- a/engines/e_afalg.c
 +++ b/engines/e_afalg.c
-@@ -124,27 +124,56 @@ static ossl_inline int io_read(aio_context_t ctx, long n, struct iocb **iocb)
+@@ -121,27 +121,56 @@ static ossl_inline int io_read(aio_context_t ctx, long n, struct iocb **iocb)
      return syscall(__NR_io_submit, ctx, n, iocb);
  }
  
diff --git a/package/libopenssl/libopenssl.hash b/package/libopenssl/libopenssl.hash
index ebc56b11dd..708926de80 100644
--- a/package/libopenssl/libopenssl.hash
+++ b/package/libopenssl/libopenssl.hash
@@ -1,5 +1,5 @@
-# From https://www.openssl.org/source/openssl-1.1.1t.tar.gz.sha256
-sha256  8dee9b24bdb1dcbf0c3d1e9b02fb8f6bf22165e807f45adeb7c9677536859d3b  openssl-1.1.1t.tar.gz
+# From https://www.openssl.org/source/openssl-1.1.1u.tar.gz.sha256
+sha256  e2f8d84b523eecd06c7be7626830370300fbcc15386bf5142d72758f6963ebc6  openssl-1.1.1u.tar.gz
 
 # License files
 sha256  c32913b33252e71190af2066f08115c69bc9fddadf3bf29296e20c835389841c  LICENSE
diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk
index 6e84f06175..178979f43b 100644
--- a/package/libopenssl/libopenssl.mk
+++ b/package/libopenssl/libopenssl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBOPENSSL_VERSION = 1.1.1t
+LIBOPENSSL_VERSION = 1.1.1u
 LIBOPENSSL_SITE = https://www.openssl.org/source
 LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
 LIBOPENSSL_LICENSE = OpenSSL or SSLeay
-- 
2.37.2

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH] package/libopenssl: security bump to version 1.1.1u

[Peter Korsgaard]

>>>>> "Francois" == Francois Perrad <fperrad@gmail.com> writes:

 > fix CVE-2023-2650  Possible DoS translating ASN.1 object identifiers
 > Signed-off-by: Francois Perrad <francois.perrad@gadz.org>

Committed, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH] package/libopenssl: security bump to version 1.1.1u

[Peter Korsgaard]

>>>>> "Francois" == Francois Perrad <fperrad@gmail.com> writes:

 > fix CVE-2023-2650  Possible DoS translating ASN.1 object identifiers
 > Signed-off-by: Francois Perrad <francois.perrad@gadz.org>

Committed to 2023.02.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot