Page MenuHomeFreeBSD

openssl: Vendor import of OpenSSL 3.0.11
ClosedPublic

Authored by khorben_defora.org on Sep 22 2023, 3:17 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Nov 20, 9:05 AM
Unknown Object (File)
Tue, Nov 12, 7:39 PM
Unknown Object (File)
Tue, Nov 5, 9:20 PM
Unknown Object (File)
Oct 26 2024, 2:43 AM
Unknown Object (File)
Sep 27 2024, 7:43 AM
Unknown Object (File)
Sep 24 2024, 2:43 PM
Unknown Object (File)
Sep 12 2024, 9:02 AM
Unknown Object (File)
Sep 8 2024, 10:06 PM
Subscribers

Details

Summary

Major changes between OpenSSL 3.0.10 and OpenSSL 3.0.11:

  • Fix POLY1305 MAC implementation corrupting XMM registers on Windows ([CVE-2023-4807])

Release notes can otherwise be found at https://www.openssl.org/news/openssl-3.0-notes.html.

Obtained from: https://www.openssl.org/source/openssl-3.0.11.tar.gz
Sponsored by: The FreeBSD Foundation

Test Plan
$ git status
On branch vendor/openssl-3.0
Your branch is up to date with 'origin/vendor/openssl-3.0'.

nothing to commit, working tree clean
$ OSSLVER=3.0.11
$ XLIST=FREEBSD-Xlist
$ (cd ..; fetch https://www.openssl.org/source/openssl-${OSSLVER}.tar.gz https://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc)
openssl-3.0.11.tar.gz                                   14 MB   17 MBps    01s
openssl-3.0.11.tar.gz.asc                              833  B 8301 kBps    00s
$ gpg --list-keys
/home/khorben/.gnupg/pubring.kbx
--------------------------------
pub   rsa4096 2011-03-01 [SCA]
DC34EE5DB2417BCC151E5100E5F8F8212F77A498
uid           [ unknown] Willem Toorop <willem@nlnetlabs.nl>
sub   rsa4096 2011-03-01 [E]

pub   rsa4096 2014-10-04 [SC] [expires: 2024-01-30]
EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5
uid           [ unknown] OpenSSL security team <openssl-security@openssl.org>
uid           [ unknown] OpenSSL OMC <openssl-omc@openssl.org>
uid           [ unknown] OpenSSL Security <openssl-security@openssl.org>
sub   rsa4096 2014-10-04 [E] [expires: 2024-01-30]

$ gpg --verify ../openssl-${OSSLVER}.tar.gz.asc ../openssl-${OSSLVER}.tar.gz
gpg: Signature made Tue Sep 19 15:02:51 2023 CEST
gpg:                using RSA key EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5
gpg: Good signature from "OpenSSL security team <openssl-security@openssl.org>" [unknown]
gpg:                 aka "OpenSSL OMC <openssl-omc@openssl.org>" [unknown]
gpg:                 aka "OpenSSL Security <openssl-security@openssl.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: EFC0 A467 D613 CB83 C7ED  6D30 D894 E2CE 8B3D 79F5
$ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C ..
$ rsync --exclude FREEBSD.* --delete -av ../openssl-${OSSLVER}/* .
[...]
$ diff -arq ../openssl-${OSSLVER}  .
Only in .: .git
Only in .: FREEBSD-Xlist
Only in .: FREEBSD-upgrade
Only in .: appveyor.yml
$ git status FREEBSD*
On branch vendor/openssl-3.0
Your branch is up to date with 'origin/vendor/openssl-3.0'.

nothing to commit, working tree clean

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped