Date: Wed, 31 Jan 2024 19:20:27 GMT From: Bernard Spil <brnrd@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: b3c79c1b875b - main - security/openssl32: Security update to 3.2.1 Message-ID: <202401311920.40VJKRVU040560@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by brnrd: URL: https://cgit.FreeBSD.org/ports/commit/?id=b3c79c1b875b6e185ace1f342bd33b33630a0aff commit b3c79c1b875b6e185ace1f342bd33b33630a0aff Author: Bernard Spil <brnrd@FreeBSD.org> AuthorDate: 2024-01-31 19:20:05 +0000 Commit: Bernard Spil <brnrd@FreeBSD.org> CommitDate: 2024-01-31 19:20:05 +0000 security/openssl32: Security update to 3.2.1 * Note that this is a security rollup of four previously reported CVEs Security: 10dee731-c069-11ee-9190-84a93843eb75 Security: 8337251b-b07b-11ee-b0d7-84a93843eb75 Security: a5956603-7e4f-11ee-9df6-84a93843eb75 MFH: 2024Q1 --- security/openssl32/Makefile | 3 +- security/openssl32/distinfo | 6 +- security/openssl32/files/patch-CVE-2023-6129 | 109 --------------------------- 3 files changed, 4 insertions(+), 114 deletions(-) diff --git a/security/openssl32/Makefile b/security/openssl32/Makefile index aabf7567438b..6c69351e00df 100644 --- a/security/openssl32/Makefile +++ b/security/openssl32/Makefile @@ -1,6 +1,5 @@ PORTNAME= openssl -DISTVERSION= 3.2.0 -PORTREVISION= 1 +DISTVERSION= 3.2.1 CATEGORIES= security devel MASTER_SITES= https://www.openssl.org/source/ \ ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/ diff --git a/security/openssl32/distinfo b/security/openssl32/distinfo index 73610bcd15da..255495588e99 100644 --- a/security/openssl32/distinfo +++ b/security/openssl32/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1700923402 -SHA256 (openssl-3.2.0.tar.gz) = 14c826f07c7e433706fb5c69fa9e25dab95684844b4c962a2cf1bf183eb4690e -SIZE (openssl-3.2.0.tar.gz) = 17698352 +TIMESTAMP = 1706727853 +SHA256 (openssl-3.2.1.tar.gz) = 83c7329fe52c850677d75e5d0b0ca245309b97e8ecbcfdc1dfdc4ab9fac35b39 +SIZE (openssl-3.2.1.tar.gz) = 17733249 diff --git a/security/openssl32/files/patch-CVE-2023-6129 b/security/openssl32/files/patch-CVE-2023-6129 deleted file mode 100644 index ff1ca585564d..000000000000 --- a/security/openssl32/files/patch-CVE-2023-6129 +++ /dev/null @@ -1,109 +0,0 @@ -From 5b139f95c9a47a55a0c54100f3837b1eee942b04 Mon Sep 17 00:00:00 2001 -From: Rohan McLure <rmclure@linux.ibm.com> -Date: Thu, 4 Jan 2024 10:25:50 +0100 -Subject: [PATCH] poly1305-ppc.pl: Fix vector register clobbering - -Fixes CVE-2023-6129 - -The POLY1305 MAC (message authentication code) implementation in OpenSSL for -PowerPC CPUs saves the the contents of vector registers in different order -than they are restored. Thus the contents of some of these vector registers -is corrupted when returning to the caller. The vulnerable code is used only -on newer PowerPC processors supporting the PowerISA 2.07 instructions. - -Reviewed-by: Matt Caswell <matt@openssl.org> -Reviewed-by: Richard Levitte <levitte@openssl.org> -Reviewed-by: Tomas Mraz <tomas@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/23200) - -(cherry picked from commit 8d847a3ffd4f0b17ee33962cf69c36224925b34f) ---- - crypto/poly1305/asm/poly1305-ppc.pl | 42 ++++++++++++++--------------- - 1 file changed, 21 insertions(+), 21 deletions(-) - -diff --git a/crypto/poly1305/asm/poly1305-ppc.pl b/crypto/poly1305/asm/poly1305-ppc.pl -index 9f86134d923fb..2e601bb9c24be 100755 ---- crypto/poly1305/asm/poly1305-ppc.pl.orig -+++ crypto/poly1305/asm/poly1305-ppc.pl -@@ -744,7 +744,7 @@ - my $LOCALS= 6*$SIZE_T; - my $VSXFRAME = $LOCALS + 6*$SIZE_T; - $VSXFRAME += 128; # local variables -- $VSXFRAME += 13*16; # v20-v31 offload -+ $VSXFRAME += 12*16; # v20-v31 offload - - my $BIG_ENDIAN = ($flavour !~ /le/) ? 4 : 0; - -@@ -919,12 +919,12 @@ - addi r11,r11,32 - stvx v22,r10,$sp - addi r10,r10,32 -- stvx v23,r10,$sp -- addi r10,r10,32 -- stvx v24,r11,$sp -+ stvx v23,r11,$sp - addi r11,r11,32 -- stvx v25,r10,$sp -+ stvx v24,r10,$sp - addi r10,r10,32 -+ stvx v25,r11,$sp -+ addi r11,r11,32 - stvx v26,r10,$sp - addi r10,r10,32 - stvx v27,r11,$sp -@@ -1153,12 +1153,12 @@ - addi r11,r11,32 - stvx v22,r10,$sp - addi r10,r10,32 -- stvx v23,r10,$sp -- addi r10,r10,32 -- stvx v24,r11,$sp -+ stvx v23,r11,$sp - addi r11,r11,32 -- stvx v25,r10,$sp -+ stvx v24,r10,$sp - addi r10,r10,32 -+ stvx v25,r11,$sp -+ addi r11,r11,32 - stvx v26,r10,$sp - addi r10,r10,32 - stvx v27,r11,$sp -@@ -1899,26 +1899,26 @@ - mtspr 256,r12 # restore vrsave - lvx v20,r10,$sp - addi r10,r10,32 -- lvx v21,r10,$sp -- addi r10,r10,32 -- lvx v22,r11,$sp -+ lvx v21,r11,$sp - addi r11,r11,32 -- lvx v23,r10,$sp -+ lvx v22,r10,$sp - addi r10,r10,32 -- lvx v24,r11,$sp -+ lvx v23,r11,$sp - addi r11,r11,32 -- lvx v25,r10,$sp -+ lvx v24,r10,$sp - addi r10,r10,32 -- lvx v26,r11,$sp -+ lvx v25,r11,$sp - addi r11,r11,32 -- lvx v27,r10,$sp -+ lvx v26,r10,$sp - addi r10,r10,32 -- lvx v28,r11,$sp -+ lvx v27,r11,$sp - addi r11,r11,32 -- lvx v29,r10,$sp -+ lvx v28,r10,$sp - addi r10,r10,32 -- lvx v30,r11,$sp -- lvx v31,r10,$sp -+ lvx v29,r11,$sp -+ addi r11,r11,32 -+ lvx v30,r10,$sp -+ lvx v31,r11,$sp - $POP r27,`$VSXFRAME-$SIZE_T*5`($sp) - $POP r28,`$VSXFRAME-$SIZE_T*4`($sp) - $POP r29,`$VSXFRAME-$SIZE_T*3`($sp)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202401311920.40VJKRVU040560>