FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=release%2F14.3.0 2025-03-25T21:07:59Z 2025-03-25T21:07:59Z Enji Cooper ngie@FreeBSD.org 2025-03-06T18:07:54Z urn:sha1:0d61082e3c64a43f52ec5f1bf3d85671d97d9514 MFC after: 1 week MFC with: 0d0c8621fd181e507f0fb50ffcca606faf66a8c2 Differential Revision: https://reviews.freebsd.org/D49297 (cherry picked from commit d2a55e6a9348bb55038dbc6b727ab041085f22db) 2024-09-28T03:50:47Z Enji Cooper ngie@FreeBSD.org 2024-09-08T04:30:17Z urn:sha1:cc43f991ab3e46ec16f3f1395160805f01bf932e This release incorporates the following bug fixes and mitigations: - Fixed possible denial of service in X.509 name checks ([CVE-2024-6119]) - Fixed possible buffer overread in SSL_select_next_proto() ([CVE-2024-5535]) Release notes can be found at: https://openssl-library.org/news/openssl-3.0-notes/index.html Co-authored-by: gordon MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D46602 Merge commit '108164cf95d9594884c2dcccba2691335e6f221b' (cherry picked from commit a7148ab39c03abd4d1a84997c70bf96f15dd2a09) Update config/build info for OpenSSL 3.0.15 This is a companion commit to the OpenSSL 3.0.15 update. `opensslv.h` was regenerated via the following process: ``` cd crypto/openssl ./config git reset --hard gmake include/openssl/opensslv.h ``` `Makefile.inc` has been updated to match. MFC after: 1 week MFC with: a7148ab39c03abd4d1a84997c70bf96f15dd2a09 Differential Revision: https://reviews.freebsd.org/D46603 (cherry picked from commit cc717b574d7faa2e0b2de1a985076286cef74187) sys/crypto/openssl: update powerpc* ASM This change updates the crypto powerpc* ASM via the prescribed process documented in `crypto/openssl/FREEBSD-upgrade`. This change syncs the ASM with 3.0.15's generated ASM. MFC after: 1 week MFC with: a7148ab39c03abd4d1a84997c70bf96f15dd2a09 MFC with: cc717b574d7faa2e0b2de1a985076286cef74187 Differential Revision: https://reviews.freebsd.org/D46604 (cherry picked from commit 77864b545b0aaa91bc78b1156c477825007a6233) 2024-09-07T04:17:19Z Gordon Tetlow gordon@FreeBSD.org 2024-08-04T21:10:46Z urn:sha1:3d8501d90e246602a6343a760f6ac8d9e2730306 To comply with FIPS 140 guidance, you must be using a specifically validated and approved version of the fips module. Currently, only OpenSSL 3.0.8 and 3.0.9 have been approved by NIST for FIPS 140 validation. As such, we need to stop shipping later versions of the module in the base system. Differential Revision: https://reviews.freebsd.org/D46223 (cherry picked from commit 86dd740dd73aa88477ff450b2359abda1ad68534) 2024-06-29T20:29:19Z Enji Cooper ngie@FreeBSD.org 2024-06-26T23:41:47Z urn:sha1:dd43e907c7c0caec8867e42fa1fcfea4ac4c87f6 This is a companion commit to the OpenSSL 3.0.14 update. MFC after: 3 days MFC with: 44096ebd22ddd0081a357011714eff8963614b65 (cherry picked from commit 303596eac3f5a7fed63f1084028d811919d37eaf) 2024-03-29T13:53:05Z Mark Johnston markj@FreeBSD.org 2023-12-04T17:29:11Z urn:sha1:0b9dffed30bad28cf9b9d356480f38065db3051f OpenSSL itself keeps only a single copy of this header. Do the same in sys/crypto/openssl to avoid the extra maintenance burden. This requires adjusting the include paths for generated asm files. No functional change intended. Reported by: jrtc27 Reviewed by: jhb MFC after: 3 months Differential Revision: https://reviews.freebsd.org/D42866 (cherry picked from commit e655cc70dfcda5cfedb5a1d9bef1e87d55519f64) 2024-02-05T16:06:08Z Cy Schubert cy@FreeBSD.org 2024-02-03T00:34:36Z urn:sha1:e72329a4e8a57c49334377670151ce77776abf74 Reported by: "Herbert J. Skuhra" <herbert@gojira.at> Fixes: 9eb4e0b42d7c (cherry picked from commit 74fe298c8299fdb8c8f761728ddd245b0c3fe04a) 2023-10-25T20:20:31Z Ed Maste emaste@FreeBSD.org 2023-10-24T18:55:56Z urn:sha1:e833378cf9589171562ccad4c6ff59c3713770bd OpenSSL 3.0.12 addresses: * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters that alter the key or IV length ([CVE-2023-5363]). Relnotes: Yes Sponsored by: The FreeBSD Foundation (cherry picked from commit ad991e4c142ebabad7aef488ad97b189ecabb270) (cherry picked from commit 575878a533823aa3e5bab715928d9cdffbc4dcbc) 2023-10-25T18:32:49Z Andrew Turner andrew@FreeBSD.org 2023-09-22T11:34:08Z urn:sha1:5b413daf3a3b67d2d499256907883a96d7c4d13c It may be needed when it's updated so is best to keep in sync with the assembly files. Reviewed by: emaste Sponsored by: Arm Ltd Differential Revision: https://reviews.freebsd.org/D41938 (cherry picked from commit c97a82d4a4a0288ed2a456f4ce41d57483724f17) 2023-10-12T18:46:11Z Pierre Pronchery pierre@freebsdfoundation.org 2023-10-09T19:00:25Z urn:sha1:bbecb0ff6c9e2fc05c096ce2ca5387df0d8e99fe OpenSSL 3.0.11 addresses: POLY1305 MAC implementation corrupts XMM registers on Windows (CVE-2023-4807) Relnotes: Yes Pull request: https://github.com/freebsd/freebsd-src/pull/852 Sponsored by: The FreeBSD Foundation (cherry picked from commit 6f1af0d7d2af54b339b5212434cd6d4fda628d80) 2023-09-24T13:17:43Z Pierre Pronchery pierre@freebsdfoundation.org 2023-09-21T11:42:06Z urn:sha1:ab64f100ca5ddd37029695646003abaf49c3065e When importing OpenSSL 3 in base, some but not all source files implementing the deprecated 0.9.8 API were imported. With this change, it becomes possible again to compile software targeting this API. PR: 272220 Fixes: b077aed33b7b ("Merge OpenSSL 3.0.9") Reviewed by: emaste Sponsored by: The FreeBSD Foundation Pull Request: https://github.com/freebsd/freebsd-src/pull/851 (cherry picked from commit b15b39521644ebffdcc091bd283ed410b0ae9274)