-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenSSL: update to 3.0.11 #852
Closed
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Major changes between OpenSSL 3.0.10 and OpenSSL 3.0.11: * Fix POLY1305 MAC implementation corrupting XMM registers on Windows ([CVE-2023-4807]) Release notes can otherwise be found at https://www.openssl.org/news/openssl-3.0-notes.html. Obtained from: https://www.openssl.org/source/openssl-3.0.11.tar.gz Sponsored by: The FreeBSD Foundation Test Plan: ``` $ git status On branch vendor/openssl-3.0 Your branch is up to date with 'origin/vendor/openssl-3.0'. nothing to commit, working tree clean $ OSSLVER=3.0.11 $ XLIST=FREEBSD-Xlist $ (cd ..; fetch https://www.openssl.org/source/openssl-${OSSLVER}.tar.gz https://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc) openssl-3.0.11.tar.gz 14 MB 17 MBps 01s openssl-3.0.11.tar.gz.asc 833 B 8301 kBps 00s $ gpg --list-keys /home/khorben/.gnupg/pubring.kbx -------------------------------- pub rsa4096 2011-03-01 [SCA] DC34EE5DB2417BCC151E5100E5F8F8212F77A498 uid [ unknown] Willem Toorop <willem@nlnetlabs.nl> sub rsa4096 2011-03-01 [E] pub rsa4096 2014-10-04 [SC] [expires: 2024-01-30] EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5 uid [ unknown] OpenSSL security team <openssl-security@openssl.org> uid [ unknown] OpenSSL OMC <openssl-omc@openssl.org> uid [ unknown] OpenSSL Security <openssl-security@openssl.org> sub rsa4096 2014-10-04 [E] [expires: 2024-01-30] $ gpg --verify ../openssl-${OSSLVER}.tar.gz.asc ../openssl-${OSSLVER}.tar.gz gpg: Signature made Tue Sep 19 15:02:51 2023 CEST gpg: using RSA key EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5 gpg: Good signature from "OpenSSL security team <openssl-security@openssl.org>" [unknown] gpg: aka "OpenSSL OMC <openssl-omc@openssl.org>" [unknown] gpg: aka "OpenSSL Security <openssl-security@openssl.org>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: EFC0 A467 D613 CB83 C7ED 6D30 D894 E2CE 8B3D 79F5 $ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C .. $ rsync --exclude FREEBSD.* --delete -av ../openssl-${OSSLVER}/* . [...] $ diff -arq ../openssl-${OSSLVER} . Only in .: .git Only in .: FREEBSD-Xlist Only in .: FREEBSD-upgrade Only in .: appveyor.yml $ git status FREEBSD* On branch vendor/openssl-3.0 Your branch is up to date with 'origin/vendor/openssl-3.0'. nothing to commit, working tree clean ```
khorben
force-pushed
the
khorben/openssl-3.0.11
branch
from
September 25, 2023 15:38
28ea8b1
to
06acbc8
Compare
emaste
pushed a commit
to emaste/freebsd
that referenced
this pull request
Oct 9, 2023
OpenSSL 3.0.11 addresses: POLY1305 MAC implementation corrupts XMM registers on Windows (CVE-2023-4807) Relnotes: Yes Pull request: freebsd#852 Sponsored by: The FreeBSD Foundation
freebsd-git
pushed a commit
that referenced
this pull request
Oct 9, 2023
OpenSSL 3.0.11 addresses: POLY1305 MAC implementation corrupts XMM registers on Windows (CVE-2023-4807) Relnotes: Yes Pull request: #852 Sponsored by: The FreeBSD Foundation
freebsd-git
pushed a commit
that referenced
this pull request
Oct 12, 2023
OpenSSL 3.0.11 addresses: POLY1305 MAC implementation corrupts XMM registers on Windows (CVE-2023-4807) Relnotes: Yes Pull request: #852 Sponsored by: The FreeBSD Foundation (cherry picked from commit 6f1af0d)
freebsd-git
pushed a commit
that referenced
this pull request
Oct 13, 2023
OpenSSL 3.0.11 addresses: POLY1305 MAC implementation corrupts XMM registers on Windows (CVE-2023-4807) Relnotes: Yes Pull request: #852 Sponsored by: The FreeBSD Foundation (cherry picked from commit 6f1af0d) (cherry picked from commit bbecb0f) Approved by: re (gjb)
bsdjhb
pushed a commit
to bsdjhb/cheribsd
that referenced
this pull request
Feb 8, 2024
OpenSSL 3.0.11 addresses: POLY1305 MAC implementation corrupts XMM registers on Windows (CVE-2023-4807) Relnotes: Yes Pull request: freebsd/freebsd-src#852 Sponsored by: The FreeBSD Foundation
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
OpenSSL 3.0.11 addresses:
This also adds instructions in
crypto/openssl/FREEBSD-upgrade
to help with subsequent updates.Sponsored by: The FreeBSD Foundation