Security fix release. Plugs CVEs CVE-2024-12797: RFC7250 handshakes with unauthenticated servers don't abort as expected. CVE-2024-13176: Timing side-channel in ECDSA signature computation.
* Forward patches. Applies cleanly. Signed-off-by: Christian Melki <[email protected]> --- .../0001-debian-targets.patch | 0 patches/{openssl-3.4.0 => openssl-3.4.1}/0002-pic.patch | 0 ...Configure-allow-to-enable-ktls-if-target-does-not-st.patch | 0 .../0004-conf-Serialize-allocation-free-of-ssl_names.patch | 0 ...Configure-drop-fzero-call-used-regs-used-gpr-from-De.patch | 0 patches/{openssl-3.4.0 => openssl-3.4.1}/series | 0 rules/openssl.make | 4 ++-- 7 files changed, 2 insertions(+), 2 deletions(-) rename patches/{openssl-3.4.0 => openssl-3.4.1}/0001-debian-targets.patch (100%) rename patches/{openssl-3.4.0 => openssl-3.4.1}/0002-pic.patch (100%) rename patches/{openssl-3.4.0 => openssl-3.4.1}/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch (100%) rename patches/{openssl-3.4.0 => openssl-3.4.1}/0004-conf-Serialize-allocation-free-of-ssl_names.patch (100%) rename patches/{openssl-3.4.0 => openssl-3.4.1}/0005-Configure-drop-fzero-call-used-regs-used-gpr-from-De.patch (100%) rename patches/{openssl-3.4.0 => openssl-3.4.1}/series (100%) diff --git a/patches/openssl-3.4.0/0001-debian-targets.patch b/patches/openssl-3.4.1/0001-debian-targets.patch similarity index 100% rename from patches/openssl-3.4.0/0001-debian-targets.patch rename to patches/openssl-3.4.1/0001-debian-targets.patch diff --git a/patches/openssl-3.4.0/0002-pic.patch b/patches/openssl-3.4.1/0002-pic.patch similarity index 100% rename from patches/openssl-3.4.0/0002-pic.patch rename to patches/openssl-3.4.1/0002-pic.patch diff --git a/patches/openssl-3.4.0/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch b/patches/openssl-3.4.1/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch similarity index 100% rename from patches/openssl-3.4.0/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch rename to patches/openssl-3.4.1/0003-Configure-allow-to-enable-ktls-if-target-does-not-st.patch diff --git a/patches/openssl-3.4.0/0004-conf-Serialize-allocation-free-of-ssl_names.patch b/patches/openssl-3.4.1/0004-conf-Serialize-allocation-free-of-ssl_names.patch similarity index 100% rename from patches/openssl-3.4.0/0004-conf-Serialize-allocation-free-of-ssl_names.patch rename to patches/openssl-3.4.1/0004-conf-Serialize-allocation-free-of-ssl_names.patch diff --git a/patches/openssl-3.4.0/0005-Configure-drop-fzero-call-used-regs-used-gpr-from-De.patch b/patches/openssl-3.4.1/0005-Configure-drop-fzero-call-used-regs-used-gpr-from-De.patch similarity index 100% rename from patches/openssl-3.4.0/0005-Configure-drop-fzero-call-used-regs-used-gpr-from-De.patch rename to patches/openssl-3.4.1/0005-Configure-drop-fzero-call-used-regs-used-gpr-from-De.patch diff --git a/patches/openssl-3.4.0/series b/patches/openssl-3.4.1/series similarity index 100% rename from patches/openssl-3.4.0/series rename to patches/openssl-3.4.1/series diff --git a/rules/openssl.make b/rules/openssl.make index 309816b99..7ff3f8086 100644 --- a/rules/openssl.make +++ b/rules/openssl.make @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_OPENSSL) += openssl # # Paths and names # -OPENSSL_VERSION := 3.4.0 -OPENSSL_MD5 := 34733f7be2d60ecd8bd9ddb796e182af +OPENSSL_VERSION := 3.4.1 +OPENSSL_MD5 := fb7a747ac6793a7ad7118eaba45db379 OPENSSL := openssl-$(OPENSSL_VERSION) OPENSSL_SUFFIX := tar.gz OPENSSL_URL := \ -- 2.34.1
