* [Buildroot] [PATCH 1/1] package/libopenssl: security bump version to 3.1.4
From: Bernd Kuhls @ 2023-10-26 18:19 UTC
To: buildroot
Fixes CVE-2023-5363:
https://www.openssl.org/news/secadv/20231024.txt
https://www.openssl.org/news/vulnerabilities.html
Changelog: https://www.openssl.org/news/cl31.txt
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
---
package/libopenssl/libopenssl.hash | 4 ++--
package/libopenssl/libopenssl.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/libopenssl/libopenssl.hash b/package/libopenssl/libopenssl.hash
index 9126175977..29ced7cddd 100644
--- a/package/libopenssl/libopenssl.hash
+++ b/package/libopenssl/libopenssl.hash
@@ -1,5 +1,5 @@
-# From https://www.openssl.org/source/openssl-3.1.3.tar.gz.sha256
-sha256 f0316a2ebd89e7f2352976445458689f80302093788c466692fb2a188b2eacf6 openssl-3.1.3.tar.gz
+# From https://www.openssl.org/source/openssl-3.1.4.tar.gz.sha256
+sha256 840af5366ab9b522bde525826be3ef0fb0af81c6a9ebd84caa600fea1731eee3 openssl-3.1.4.tar.gz
# License files
sha256 7d5450cb2d142651b8afa315b5f238efc805dad827d91ba367d8516bc9d49e7a LICENSE.txt
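Review bot: the `# From` comment above the new `sha256` line records only upstream's `.sha256` file as the source, and that file is served from the same https://www.openssl.org/source location as the tarball, so the hash guards against a corrupted or later-changed download but not against a tampered upstream copy. If upstream's signature for the tarball was also checked, say so in the comment. The `LICENSE.txt` hash is carried over as context; worth confirming the file is unchanged in 3.1.4.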
diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk
index b69ef032f2..b8b6ec6bff 100644
--- a/package/libopenssl/libopenssl.mk
+++ b/package/libopenssl/libopenssl.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBOPENSSL_VERSION = 3.1.3
+LIBOPENSSL_VERSION = 3.1.4
LIBOPENSSL_SITE = https://www.openssl.org/source
LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
LIBOPENSSL_LICENSE = Apache-2.0
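Review bot: `LIBOPENSSL_VERSION` is the only line touched in this file and the diffstat lists just these two files, so any patches carried in package/libopenssl are applied unchanged on top of 3.1.4. Please confirm in the commit message that they still apply and that none were merged upstream in this release. The commit message names CVE-2023-5363 without describing it; a one-line summary taken from the advisory would help whoever decides on backports to the stable branches.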
--
2.39.2
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
* Re: [Buildroot] [PATCH 1/1] package/libopenssl: security bump version to 3.1.4
From: Yann E. MORIN @ 2023-10-29 8:45 UTC
To: Bernd Kuhls; +Cc: buildroot
Bernd, All,
On 2023-10-26 20:19 +0200, Bernd Kuhls spake thusly:
> Fixes CVE-2023-5363:
> https://www.openssl.org/news/secadv/20231024.txt
> https://www.openssl.org/news/vulnerabilities.html
>
> Changelog: https://www.openssl.org/news/cl31.txt
>
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> package/libopenssl/libopenssl.hash | 4 ++--
> package/libopenssl/libopenssl.mk | 2 +-
> 2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/package/libopenssl/libopenssl.hash b/package/libopenssl/libopenssl.hash
> index 9126175977..29ced7cddd 100644
> --- a/package/libopenssl/libopenssl.hash
> +++ b/package/libopenssl/libopenssl.hash
> @@ -1,5 +1,5 @@
> -# From https://www.openssl.org/source/openssl-3.1.3.tar.gz.sha256
> -sha256 f0316a2ebd89e7f2352976445458689f80302093788c466692fb2a188b2eacf6 openssl-3.1.3.tar.gz
> +# From https://www.openssl.org/source/openssl-3.1.4.tar.gz.sha256
> +sha256 840af5366ab9b522bde525826be3ef0fb0af81c6a9ebd84caa600fea1731eee3 openssl-3.1.4.tar.gz
>
> # License files
> sha256 7d5450cb2d142651b8afa315b5f238efc805dad827d91ba367d8516bc9d49e7a LICENSE.txt
> diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk
> index b69ef032f2..b8b6ec6bff 100644
> --- a/package/libopenssl/libopenssl.mk
> +++ b/package/libopenssl/libopenssl.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -LIBOPENSSL_VERSION = 3.1.3
> +LIBOPENSSL_VERSION = 3.1.4
> LIBOPENSSL_SITE = https://www.openssl.org/source
> LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
> LIBOPENSSL_LICENSE = Apache-2.0
> --
> 2.39.2
* Re: [Buildroot] [PATCH 1/1] package/libopenssl: security bump version to 3.1.4
From: Peter Korsgaard @ 2023-10-31 7:52 UTC
To: Bernd Kuhls; +Cc: buildroot
>>>>> "Bernd" == Bernd Kuhls <bernd@kuhls.net> writes:
> Fixes CVE-2023-5363:
> https://www.openssl.org/news/secadv/20231024.txt
> https://www.openssl.org/news/vulnerabilities.html
> Changelog: https://www.openssl.org/news/cl31.txt
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
For 2023.08.x I will instead bump to 3.0.12, which contains the same
fix.
--
Bye, Peter Korsgaard
* Re: [Buildroot] [PATCH 1/1] package/libopenssl: security bump version to 3.1.4
From: Scott Fan @ 2023-10-31 9:00 UTC
To: Peter Korsgaard; +Cc: Bernd Kuhls, buildroot
For the 2023.02.x branch, it needs to be bumped to version 1.1.1w.
Scott Fan
On Tue, Oct 31, 2023 at 3:52 PM Peter Korsgaard <peter@korsgaard.com> wrote:
>
> >>>>> "Bernd" == Bernd Kuhls <bernd@kuhls.net> writes:
>
> > Fixes CVE-2023-5363:
> > https://www.openssl.org/news/secadv/20231024.txt
> > https://www.openssl.org/news/vulnerabilities.html
>
> > Changelog: https://www.openssl.org/news/cl31.txt
>
> > Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
>
> For 2023.08.x I will instead bump to 3.0.12, which contains the same
> fix.
>
> --
> Bye, Peter Korsgaard
* Re: [Buildroot] [PATCH 1/1] package/libopenssl: security bump version to 3.1.4
From: Peter Korsgaard @ 2023-10-31 9:48 UTC
To: Scott Fan; +Cc: Bernd Kuhls, buildroot
>>>>> "Scott" == Scott Fan <fancp2007@gmail.com> writes:
> For the 2023.02.x branch, it needs to be bumped to version 1.1.1w.
Why? Isn't 1.1.1w only including the security fix for the Windows-only
CVE-2023-4807 vulnerability?
https://www.openssl.org/news/secadv/20230908.txt
--
Bye, Peter Korsgaard
* Re: [Buildroot] [PATCH 1/1] package/libopenssl: security bump version to 3.1.4
From: Scott Fan @ 2023-10-31 11:08 UTC
To: Peter Korsgaard; +Cc: Bernd Kuhls, buildroot
Sorry, I thought it would always follow the upstream.
Scott Fan
On Tue, Oct 31, 2023 at 5:48 PM Peter Korsgaard <peter@korsgaard.com> wrote:
>
> >>>>> "Scott" == Scott Fan <fancp2007@gmail.com> writes:
>
> > For the 2023.02.x branch, it needs to be bumped to version 1.1.1w.
>
> Why? Isn't 1.1.1w only including the security fix for the Windows-only
> CVE-2023-4807 vulnerability?
>
> https://www.openssl.org/news/secadv/20230908.txt
>
> --
> Bye, Peter Korsgaard
* Re: [Buildroot] [PATCH 1/1] package/libopenssl: security bump version to 3.1.4
From: Peter Korsgaard @ 2023-10-31 12:34 UTC
To: Scott Fan; +Cc: Bernd Kuhls, buildroot
>>>>> "Scott" == Scott Fan <fancp2007@gmail.com> writes:
> Sorry, I thought it would always follow the upstream.
We normally do, but given that there is no added value for !windows, I
haven't done the work to update the LTS. Normally it would be taken care
of once the next update comes out with Linux fixes, but that is unlikely
to happen for 1.1.1 given that it is EOL.
But if you like to have 1.1.1w then that is fine by me, please send a
patch.
--
Bye, Peter Korsgaard
* [Buildroot] [PATCH] package/libopenssl: bump to version 1.1.1w
From: Scott Fan @ 2023-11-01 1:58 UTC
To: buildroot; +Cc: Scott Fan
This may be the last patch for OpenSSL 1.1.1 LTS; it reached
end-of-life on 2023-09-11.
Signed-off-by: Scott Fan <fancp2007@gmail.com>
---
package/libopenssl/libopenssl.hash | 4 ++--
package/libopenssl/libopenssl.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/libopenssl/libopenssl.hash b/package/libopenssl/libopenssl.hash
index 4541087c07..cf28d4e05b 100644
--- a/package/libopenssl/libopenssl.hash
+++ b/package/libopenssl/libopenssl.hash
@@ -1,5 +1,5 @@
-# From https://www.openssl.org/source/openssl-1.1.1v.tar.gz.sha256
-sha256 d6697e2871e77238460402e9362d47d18382b15ef9f246aba6c7bd780d38a6b0 openssl-1.1.1v.tar.gz
+# From https://www.openssl.org/source/openssl-1.1.1w.tar.gz.sha256
+sha256 cf3098950cb4d853ad95c0841f1f9c6d3dc102dccfcacd521d93925208b76ac8 openssl-1.1.1w.tar.gz
# License files
sha256 c32913b33252e71190af2066f08115c69bc9fddadf3bf29296e20c835389841c LICENSE
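Review bot: the `# From` comment above the new `sha256` line points at https://www.openssl.org/source/, the same location as `LIBOPENSSL_SITE`, while the commit message says the 1.1.1 series is end-of-life. If upstream relocates tarballs of retired series, both the comment URL and the download site go stale, so it is worth checking that this URL is expected to stay valid for the lifetime of 2023.02.x.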
diff --git a/package/libopenssl/libopenssl.mk b/package/libopenssl/libopenssl.mk
index fe68a20ed1..651283a828 100644
--- a/package/libopenssl/libopenssl.mk
+++ b/package/libopenssl/libopenssl.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBOPENSSL_VERSION = 1.1.1v
+LIBOPENSSL_VERSION = 1.1.1w
LIBOPENSSL_SITE = https://www.openssl.org/source
LIBOPENSSL_SOURCE = openssl-$(LIBOPENSSL_VERSION).tar.gz
LIBOPENSSL_LICENSE = OpenSSL or SSLeay
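Review bot: the commit message gives no reason for moving `LIBOPENSSL_VERSION` from 1.1.1v to 1.1.1w beyond the series being end-of-life. The thread raises that 1.1.1w may only carry the fix for the Windows-only CVE-2023-4807; stating that in the commit message, and that the subject is deliberately a plain bump rather than a security bump, would keep the change from being read as fixing something on Linux targets.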
--
2.25.1
* Re: [Buildroot] [PATCH 1/1] package/libopenssl: security bump version to 3.1.4
From: Scott Fan @ 2023-11-01 2:01 UTC
To: Peter Korsgaard; +Cc: Bernd Kuhls, buildroot
I have sent the patch; it needs to be applied to the 2023.02.x branch.
Scott Fan
On Tue, Oct 31, 2023 at 9:18 PM Peter Korsgaard <peter@korsgaard.com> wrote:
>
> >>>>> "Scott" == Scott Fan <fancp2007@gmail.com> writes:
>
> > Sorry, I thought it would always follow the upstream.
>
> We normally do, but given that there is no added value for !windows, I
> haven't done the work to update the LTS. Normally it would be taken care
> of once the next update comes out with Linux fixes, but that is unlikely
> to happen for 1.1.1 given that it is EOL.
>
> But if you like to have 1.1.1w then that is fine by me, please send a
> patch.
>
> --
> Bye, Peter Korsgaard
* Re: [Buildroot] [PATCH] package/libopenssl: bump to version 1.1.1w
From: Peter Korsgaard @ 2023-11-07 16:50 UTC
To: Scott Fan; +Cc: buildroot
>>>>> "Scott" == Scott Fan <fancp2007@gmail.com> writes:
> This may be the last patch for OpenSSL 1.1.1 LTS; it reached
> end-of-life on 2023-09-11.
> Signed-off-by: Scott Fan <fancp2007@gmail.com>
Committed to 2023.02.x, thanks.
--
Bye, Peter Korsgaard