HomeFreeBSD

openssl: Vendor import of OpenSSL 3.0.11

Description

openssl: Vendor import of OpenSSL 3.0.11

Major changes between OpenSSL 3.0.10 and OpenSSL 3.0.11:

  • Fix POLY1305 MAC implementation corrupting XMM registers on Windows ([CVE-2023-4807])

Release notes can otherwise be found at
https://www.openssl.org/news/openssl-3.0-notes.html.

Obtained from: https://www.openssl.org/source/openssl-3.0.11.tar.gz
Sponsored by: The FreeBSD Foundation

Test Plan:

$ git status
On branch vendor/openssl-3.0
Your branch is up to date with 'origin/vendor/openssl-3.0'.

nothing to commit, working tree clean
$ OSSLVER=3.0.11
$ XLIST=FREEBSD-Xlist
$ (cd ..; fetch https://www.openssl.org/source/openssl-${OSSLVER}.tar.gz https://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc)
openssl-3.0.11.tar.gz                                   14 MB   17 MBps    01s
openssl-3.0.11.tar.gz.asc                              833  B 8301 kBps    00s
$ gpg --list-keys
/home/khorben/.gnupg/pubring.kbx
--------------------------------
pub   rsa4096 2011-03-01 [SCA]
  DC34EE5DB2417BCC151E5100E5F8F8212F77A498
uid           [ unknown] Willem Toorop <willem@nlnetlabs.nl>
sub   rsa4096 2011-03-01 [E]

pub   rsa4096 2014-10-04 [SC] [expires: 2024-01-30]
  EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5
uid           [ unknown] OpenSSL security team <openssl-security@openssl.org>
uid           [ unknown] OpenSSL OMC <openssl-omc@openssl.org>
uid           [ unknown] OpenSSL Security <openssl-security@openssl.org>
sub   rsa4096 2014-10-04 [E] [expires: 2024-01-30]

$ gpg --verify ../openssl-${OSSLVER}.tar.gz.asc ../openssl-${OSSLVER}.tar.gz
gpg: Signature made Tue Sep 19 15:02:51 2023 CEST
gpg:                using RSA key EFC0A467D613CB83C7ED6D30D894E2CE8B3D79F5
gpg: Good signature from "OpenSSL security team <openssl-security@openssl.org>" [unknown]
gpg:                 aka "OpenSSL OMC <openssl-omc@openssl.org>" [unknown]
gpg:                 aka "OpenSSL Security <openssl-security@openssl.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: EFC0 A467 D613 CB83 C7ED  6D30 D894 E2CE 8B3D 79F5
$ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C ..
$ rsync --exclude FREEBSD.* --delete -av ../openssl-${OSSLVER}/* .
[...]
$ diff -arq ../openssl-${OSSLVER}  .
Only in .: .git
Only in .: FREEBSD-Xlist
Only in .: FREEBSD-upgrade
Only in .: appveyor.yml
$ git status FREEBSD*
On branch vendor/openssl-3.0
Your branch is up to date with 'origin/vendor/openssl-3.0'.

nothing to commit, working tree clean

Details

Provenance
khorben_defora.orgAuthored on Sep 22 2023, 2:52 PM
emasteCommitted on Sep 22 2023, 3:55 PM
Parents
rGcf2fc1b0f5ce: openssl: Vendor import of OpenSSL-3.0.9
Branches
Unknown
Tags
Unknown
References
tag: vendor/openssl/3.0.11