openssl: bump to 1.1.1s
authorJohn Audia <therealgraysky@proton.me>
Thu, 3 Nov 2022 13:27:49 +0000 (09:27 -0400)
committerDaniel Golle <daniel@makrotopia.org>
Sat, 5 Nov 2022 14:07:46 +0000 (14:07 +0000)
commita0814f04ed955eb10b25df0ce6666ed91f11ca1b
tree23016a65f16c01d64449a1a94b046e38cdb0fb81
parentbef3699ad5f6a5d41570b9c45b702ceb2c03f129
openssl: bump to 1.1.1s

Changes between 1.1.1r and 1.1.1s [1 Nov 2022]

  *) Fixed a regression introduced in 1.1.1r version not refreshing the
     certificate data to be signed before signing the certificate.
     [Gibeom Gwon]

 Changes between 1.1.1q and 1.1.1r [11 Oct 2022]

  *) Fixed the linux-mips64 Configure target which was missing the
     SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
     platform.
     [Adam Joseph]

  *) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
     causing incorrect results in some cases as a result.
     [Paul Dale]

  *) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
     report correct results in some cases
     [Matt Caswell]

  *) Fixed a regression introduced in 1.1.1o for re-signing certificates with
     different key sizes
     [Todd Short]

  *) Added the loongarch64 target
     [Shi Pujin]

  *) Fixed a DRBG seed propagation thread safety issue
     [Bernd Edlinger]

  *) Fixed a memory leak in tls13_generate_secret
     [Bernd Edlinger]

  *) Fixed reported performance degradation on aarch64. Restored the
     implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
     32-bit lane assignment in CTR mode") for 64bit targets only, since it is
     reportedly 2-17% slower and the silicon errata only affects 32bit targets.
     The new algorithm is still used for 32 bit targets.
     [Bernd Edlinger]

  *) Added a missing header for memcmp that caused compilation failure on some
     platforms
     [Gregor Jasny]

Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B

Signed-off-by: John Audia <therealgraysky@proton.me>
14 files changed:
package/libs/openssl/Makefile
package/libs/openssl/patches/001-crypto-perlasm-ppc-xlate.pl-add-linux64v2-flavour.patch
package/libs/openssl/patches/100-Configure-afalg-support.patch
package/libs/openssl/patches/110-openwrt_targets.patch
package/libs/openssl/patches/120-strip-cflags-from-binary.patch
package/libs/openssl/patches/130-dont-build-tests-fuzz.patch
package/libs/openssl/patches/140-allow-prefer-chacha20.patch
package/libs/openssl/patches/150-openssl.cnf-add-engines-conf.patch
package/libs/openssl/patches/400-eng_devcrypto-save-ioctl-if-EVP_MD_.FLAG_ONESHOT.patch
package/libs/openssl/patches/410-eng_devcrypto-add-configuration-options.patch
package/libs/openssl/patches/420-eng_devcrypto-add-command-to-dump-driver-info.patch
package/libs/openssl/patches/430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch
package/libs/openssl/patches/500-e_devcrypto-default-to-not-use-digests-in-engine.patch
package/libs/openssl/patches/510-e_devcrypto-ignore-error-when-closing-session.patch