Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
OpenWrt
/
openwrt
-ын хуулбар https://github.com/openwrt/openwrt.git
2
0
Салаа 0
Файлууд Асуудлууд 0 Мэдлэгийн сан
Эх сурвалжийг харах

openssl: update to 3.0.13

Major changes between OpenSSL 3.0.12 and OpenSSL 3.0.13 [30 Jan 2024]

  * Fixed PKCS12 Decoding crashes
    ([CVE-2024-0727])
  * Fixed Excessive time spent checking invalid RSA public keys
    ([CVE-2023-6237])
  * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
    CPUs which support PowerISA 2.07
    ([CVE-2023-6129])
  * Fix excessive time spent in DH check / generation with large Q parameter
    value ([CVE-2023-5678])

Signed-off-by: Ivan Pavlov <[email protected]>
Ivan Pavlov 1 жил өмнө
parent
7eee094f01
commit
44cd90c49a
3 өөрчлөгдсөн 6 нэмэгдсэн , 6 устгасан
Өөрчлөлтийг ялгаж харах Өөрчлөлтийн статистик харах
  1. 2 2
      package/libs/openssl/Makefile
  2. 1 1
      package/libs/openssl/patches/100-Configure-afalg-support.patch
  3. 3 3
      package/libs/openssl/patches/140-allow-prefer-chacha20.patch

+ 2 - 2
package/libs/openssl/Makefile
Файл харах 

@@ -8,7 +8,7 @@
 
 include $(TOPDIR)/rules.mk
 
 
 PKG_NAME:=openssl
 
-PKG_VERSION:=3.0.12
 
+PKG_VERSION:=3.0.13
 
 PKG_RELEASE:=1
 
 PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto
 
 
@@ -24,7 +24,7 @@ PKG_SOURCE_URL:= \
 
 	ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
 
 	ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/
 
 
-PKG_HASH:=f93c9e8edde5e9166119de31755fc87b4aa34863662f67ddfcba14d0b6b69b61
 
+PKG_HASH:=88525753f79d3bec27d2fa7c66aa0b92b3aa9498dafd93d7cfa4b3780cdae313
 
 
 PKG_LICENSE:=Apache-2.0
 
 PKG_LICENSE_FILES:=LICENSE

+ 1 - 1
package/libs/openssl/patches/100-Configure-afalg-support.patch
Файл харах 

@@ -10,7 +10,7 @@ Signed-off-by: Eneas U de Queiroz <[email protected]>
 
 
 --- a/Configure
 
 +++ b/Configure
 
-@@ -1674,7 +1674,9 @@ $config{CFLAGS} = [ map { $_ eq '--ossl-
 
+@@ -1677,7 +1677,9 @@ $config{CFLAGS} = [ map { $_ eq '--ossl-
 
  
  unless ($disabled{afalgeng}) {
 
      $config{afalgeng}="";

+ 3 - 3
package/libs/openssl/patches/140-allow-prefer-chacha20.patch
Файл харах 

@@ -16,7 +16,7 @@ Signed-off-by: Eneas U de Queiroz <[email protected]>
 
 
 --- a/ssl/ssl_ciph.c
 
 +++ b/ssl/ssl_ciph.c
 
-@@ -1505,11 +1505,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
 
+@@ -1506,11 +1506,29 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
 
      ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
 
                            &tail);
 
  
@@ -46,7 +46,7 @@ Signed-off-by: Eneas U de Queiroz <[email protected]>
 
  
      /*
 
       * ...and generally, our preferred cipher is AES.
 
-@@ -1564,7 +1582,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
 
+@@ -1565,7 +1583,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
 
       * Within each group, ciphers remain sorted by strength and previous
 
       * preference, i.e.,
 
       * 1) ECDHE > DHE
 
@@ -55,7 +55,7 @@ Signed-off-by: Eneas U de Queiroz <[email protected]>
 
       * 3) AES > rest
 
       * 4) TLS 1.2 > legacy
 
       *
 
-@@ -2235,7 +2253,13 @@ const char *OSSL_default_cipher_list(voi
 
+@@ -2236,7 +2254,13 @@ const char *OSSL_default_cipher_list(voi
 
   */
 
  const char *OSSL_default_ciphersuites(void)
 
  {