Update OpenSSL to version 3.0.10 in the base system #808
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
khorben
force-pushed
the
khorben/openssl-3.0.10
branch
from
4fef327
to
c18c4fe
Compare
Summary: Release notes can be found at https://www.openssl.org/news/openssl-3.0-notes.html . Obtained from: https://www.openssl.org/source/openssl-3.0.10.tar.gz Test Plan: ``` $ git status On branch vendor/openssl-3.0 Your branch is up to date with 'origin/vendor/openssl-3.0'. nothing to commit, working tree clean $ (cd ..; fetch https://www.openssl.org/source/openssl-${OSSLVER}.tar.gz https://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc) openssl-3.0.10.tar.gz 14 MB 15 MBps 01s openssl-3.0.10.tar.gz.asc 833 B 11 MBps 00s $ set | egrep '(XLIST|OSSLVER)=' OSSLVER=3.0.10 XLIST=FREEBSD-Xlist $ gpg --list-keys /home/khorben/.gnupg/pubring.kbx -------------------------------- pub rsa4096 2011-03-01 [SCA] DC34EE5DB2417BCC151E5100E5F8F8212F77A498 uid [ unknown] Willem Toorop <willem@nlnetlabs.nl> sub rsa4096 2011-03-01 [E] pub rsa4096 2014-10-04 [SC] [expires: 2024-01-30] EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5 uid [ unknown] OpenSSL security team <openssl-security@openssl.org> uid [ unknown] OpenSSL OMC <openssl-omc@openssl.org> uid [ unknown] OpenSSL Security <openssl-security@openssl.org> sub rsa4096 2014-10-04 [E] [expires: 2024-01-30] $ gpg --verify ../openssl-${OSSLVER}.tar.gz.asc ../openssl-${OSSLVER}.tar.gz gpg: Signature made Tue Aug 1 15:47:28 2023 CEST gpg: using RSA key EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5 gpg: Good signature from "OpenSSL security team <openssl-security@openssl.org>" [unknown] gpg: aka "OpenSSL OMC <openssl-omc@openssl.org>" [unknown] gpg: aka "OpenSSL Security <openssl-security@openssl.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: EFC0 A467 D613 CB83 C7ED 6D30 D894 E2CE 8B3D 79F5 $ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C .. $ rsync --exclude FREEBSD.* --delete -avzz ../openssl-${OSSLVER}/* . [...] $ diff -arq ../openssl-${OSSLVER} . Only in .: .git Only in .: FREEBSD-Xlist Only in .: FREEBSD-upgrade $ git status FREEBSD* On branch vendor/openssl-3.0 Your branch is up to date with 'origin/vendor/openssl-3.0'. nothing to commit, working tree clean ``` Subscribers: imp Differential Revision: https://reviews.freebsd.org/D41293
Sponsored by: The FreeBSD Foundation
Sponsored by: The FreeBSD Foundation
Sponsored by: The FreeBSD Foundation
khorben
force-pushed
the
khorben/openssl-3.0.10
branch
from
c18c4fe
to
a7641ec
Compare
emaste
pushed a commit
to emaste/freebsd
that referenced
this pull request
Aug 10, 2023
OpenSSL 3.0.10 addresses: - CVE-2023-3817 - CVE-2023-3446 - CVE-2023-2975 (Note that the vendor branch commit incorrectly referenced 3.0.9.) Relnotes: Yes Pull request: freebsd#808 Sponsored by: The FreeBSD Foundation
freebsd-git
pushed a commit
that referenced
this pull request
Aug 10, 2023
OpenSSL 3.0.10 addresses: - CVE-2023-3817 - CVE-2023-3446 - CVE-2023-2975 (Note that the vendor branch commit incorrectly referenced 3.0.9.) Relnotes: Yes Pull request: #808 Sponsored by: The FreeBSD Foundation
bsdjhb
pushed a commit
to bsdjhb/cheribsd
that referenced
this pull request
Sep 8, 2023
OpenSSL 3.0.10 addresses: - CVE-2023-3817 - CVE-2023-3446 - CVE-2023-2975 (Note that the vendor branch commit incorrectly referenced 3.0.9.) Relnotes: Yes Pull request: freebsd/freebsd-src#808 Sponsored by: The FreeBSD Foundation
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This branch depends on the vendor update of OpenSSL 3.0.10. (See D41293 in Phabricator)
This is known to fix the following CVEs in OpenSSL 3.0.10:
The manual pages were re-generated and reflect the new version.
The assembly files were re-generated, but no changes were found. One entry was found to be missing in
Makefile.asmthough.Sponsored by: The FreeBSD Foundation