|
Revision tags: release/13.4.0-p5, release/13.5.0-p1, release/14.2.0-p3, release/13.5.0, release/14.2.0-p2, release/14.1.0-p8, release/13.4.0-p4, release/14.1.0-p7, release/14.2.0-p1, release/13.4.0-p3, release/14.2.0, release/13.4.0 |
|
| #
cc43f991 |
| 08-Sep-2024 |
Enji Cooper <[email protected]> |
openssl: Import OpenSSL 3.0.15.
This release incorporates the following bug fixes and mitigations: - Fixed possible denial of service in X.509 name checks ([CVE-2024-6119]) - Fixed possible buffer o
openssl: Import OpenSSL 3.0.15.
This release incorporates the following bug fixes and mitigations: - Fixed possible denial of service in X.509 name checks ([CVE-2024-6119]) - Fixed possible buffer overread in SSL_select_next_proto() ([CVE-2024-5535])
Release notes can be found at: https://openssl-library.org/news/openssl-3.0-notes/index.html
Co-authored-by: gordon MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D46602
Merge commit '108164cf95d9594884c2dcccba2691335e6f221b'
(cherry picked from commit a7148ab39c03abd4d1a84997c70bf96f15dd2a09)
Update config/build info for OpenSSL 3.0.15
This is a companion commit to the OpenSSL 3.0.15 update.
`opensslv.h` was regenerated via the following process:
``` cd crypto/openssl ./config git reset --hard gmake include/openssl/opensslv.h ```
`Makefile.inc` has been updated to match.
MFC after: 1 week MFC with: a7148ab39c03abd4d1a84997c70bf96f15dd2a09 Differential Revision: https://reviews.freebsd.org/D46603
(cherry picked from commit cc717b574d7faa2e0b2de1a985076286cef74187)
sys/crypto/openssl: update powerpc* ASM
This change updates the crypto powerpc* ASM via the prescribed process documented in `crypto/openssl/FREEBSD-upgrade`.
This change syncs the ASM with 3.0.15's generated ASM.
MFC after: 1 week MFC with: a7148ab39c03abd4d1a84997c70bf96f15dd2a09 MFC with: cc717b574d7faa2e0b2de1a985076286cef74187 Differential Revision: https://reviews.freebsd.org/D46604
(cherry picked from commit 77864b545b0aaa91bc78b1156c477825007a6233)
show more ...
|
| #
13a031f0 |
| 26-Jun-2024 |
Enji Cooper <[email protected]> |
Update to OpenSSL 3.0.14
This release resolves 3 upstream found CVEs: - Fixed potential use after free after SSL_free_buffers() is called (CVE-2024-4741) - Fixed an issue where checking excessively
Update to OpenSSL 3.0.14
This release resolves 3 upstream found CVEs: - Fixed potential use after free after SSL_free_buffers() is called (CVE-2024-4741) - Fixed an issue where checking excessively long DSA keys or parameters may be very slow (CVE-2024-4603) - Fixed unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511)
MFC after: 3 days Merge commit '1070e7dca8223387baf5155524b28f62bfe7da3c'
(cherry picked from commit 44096ebd22ddd0081a357011714eff8963614b65)
show more ...
|
|
Revision tags: release/14.1.0, release/13.3.0 |
|
| #
c9488674 |
| 02-Feb-2024 |
Cy Schubert <[email protected]> |
OpenSSL: Vendor import of OpenSSL 3.0.13
* Fixed PKCS12 Decoding crashes ([CVE-2024-0727]) * Fixed Excessive time spent checking invalid RSA public keys ([CVE-2023-6237]) * Fixed POLY1305 MAC
OpenSSL: Vendor import of OpenSSL 3.0.13
* Fixed PKCS12 Decoding crashes ([CVE-2024-0727]) * Fixed Excessive time spent checking invalid RSA public keys ([CVE-2023-6237]) * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC CPUs which support PowerISA 2.07 ([CVE-2023-6129]) * Fix excessive time spent in DH check / generation with large Q parameter value ([CVE-2023-5678])
Release notes can be found at https://www.openssl.org/news/openssl-3.0-notes.html.
Approved by: emaste
Merge commit '9dd13e84fa8eca8f3462bd55485aa3da8c37f54a'
(cherry picked from commit e0c4386e7e71d93b0edc0c8fa156263fc4a8b0b6)
show more ...
|
|
Revision tags: release/14.0.0 |
|
| #
8f1ef87a |
| 30-May-2023 |
Jung-uk Kim <[email protected]> |
OpenSSL: Merge OpenSSL 1.1.1u
(cherry picked from commit 8ecb489345f08012fdc92a202a40119891cac330)
|
|
Revision tags: release/13.2.0, release/12.4.0, release/13.1.0 |
|
| #
5ac766ab |
| 15-Mar-2022 |
Jung-uk Kim <[email protected]> |
OpenSSL: Merge OpenSSL 1.1.1n
|
| #
b2bf0c7e |
| 14-Dec-2021 |
Jung-uk Kim <[email protected]> |
OpenSSL: Merge OpenSSL 1.1.1m
Merge commit '56eae1b760adf10835560a9ee595549a1f10410f'
|
|
Revision tags: release/12.3.0, release/13.0.0 |
|
| #
aa906e2a |
| 16-Jan-2021 |
John Baldwin <[email protected]> |
OpenSSL: Support for kernel TLS offload (KTLS)
This merges upstream patches from OpenSSL's master branch to add KTLS infrastructure for TLS 1.0-1.3 including both RX and TX offload and SSL_sendfile
OpenSSL: Support for kernel TLS offload (KTLS)
This merges upstream patches from OpenSSL's master branch to add KTLS infrastructure for TLS 1.0-1.3 including both RX and TX offload and SSL_sendfile support on both Linux and FreeBSD.
Note that TLS 1.3 only supports TX offload.
A new WITH/WITHOUT_OPENSSL_KTLS determines if OpenSSL is built with KTLS support. It defaults to enabled on amd64 and disabled on all other architectures.
Reviewed by: jkim (earlier version) Approved by: secteam Obtained from: OpenSSL (patches from master) MFC after: 1 week Relnotes: yes Sponsored by: Netflix Differential Revision: https://reviews.freebsd.org/D28273
show more ...
|
|
Revision tags: release/12.2.0, release/11.4.0, release/12.1.0, release/11.3.0, release/12.0.0, release/11.2.0, release/10.4.0, release/11.1.0, release/11.0.1, release/11.0.0, release/10.3.0, release/10.2.0, release/10.1.0, release/9.3.0, release/10.0.0, release/9.2.0, release/8.4.0, release/9.1.0, release/8.3.0_cvs, release/8.3.0, release/9.0.0, release/7.4.0_cvs, release/8.2.0_cvs, release/7.4.0, release/8.2.0, release/8.1.0_cvs, release/8.1.0 |
|
| #
ccc1eaed |
| 22-May-2010 |
Simon L. B. Nielsen <[email protected]> |
Merge OpenSSL 0.9.8n from head into stable/8.
Approved by: re (kib)
|
|
Revision tags: release/7.3.0_cvs, release/7.3.0, release/8.0.0_cvs, release/8.0.0, release/7.2.0_cvs, release/7.2.0, release/7.1.0_cvs, release/7.1.0, release/6.4.0_cvs, release/6.4.0, release/7.0.0_cvs, release/7.0.0, release/6.3.0_cvs, release/6.3.0 |
|
| #
5471f83e |
| 15-Mar-2007 |
Simon L. B. Nielsen <[email protected]> |
Vendor import of OpenSSL 0.9.8e.
|
|
Revision tags: release/6.2.0_cvs, release/6.2.0 |
|
| #
ed5d4f9a |
| 01-Oct-2006 |
Simon L. B. Nielsen <[email protected]> |
Vendor import of OpenSSL 0.9.8d.
|
| #
3b4e3dcb |
| 29-Jul-2006 |
Simon L. B. Nielsen <[email protected]> |
Vendor import of OpenSSL 0.9.8b
|
|
Revision tags: release/5.5.0_cvs, release/5.5.0, release/6.1.0_cvs, release/6.1.0, release/6.0.0_cvs, release/6.0.0, release/5.4.0_cvs, release/5.4.0 |
|
| #
6be8ae07 |
| 25-Feb-2005 |
Jacques Vidrine <[email protected]> |
Vendor import of OpenSSL 0.9.7e.
|
|
Revision tags: release/4.11.0_cvs, release/4.11.0, release/5.3.0_cvs, release/5.3.0, release/4.10.0_cvs, release/4.10.0 |
|
| #
ced566fd |
| 17-Mar-2004 |
Jacques Vidrine <[email protected]> |
Vendor import of OpenSSL 0.9.7d.
|
|
Revision tags: release/5.2.1_cvs, release/5.2.1, release/5.2.0_cvs, release/5.2.0, release/4.9.0_cvs, release/4.9.0 |
|
| #
50ef0093 |
| 01-Oct-2003 |
Jacques Vidrine <[email protected]> |
Vendor import of OpenSSL 0.9.7c
|
|
Revision tags: release/5.1.0_cvs, release/5.1.0, release/4.8.0_cvs, release/4.8.0 |
|
| #
fceca8a3 |
| 19-Feb-2003 |
Jacques Vidrine <[email protected]> |
Vendor import of OpenSSL 0.9.7a.
|
| #
5c87c606 |
| 28-Jan-2003 |
Mark Murray <[email protected]> |
Vendor import of OpenSSL release 0.9.7. This release includes support for AES and OpenBSD's hardware crypto.
|
|
Revision tags: release/5.0.0_cvs, release/5.0.0, release/4.7.0_cvs, release/4.6.2_cvs, release/4.6.2 |
|
| #
9e6c5d17 |
| 10-Aug-2002 |
Jacques Vidrine <[email protected]> |
Import of OpenSSL 0.9.6f.
|
| #
4f20a5a2 |
| 30-Jul-2002 |
Jacques Vidrine <[email protected]> |
Import of OpenSSL 0.9.6e.
|
| #
c1803d78 |
| 30-Jul-2002 |
Jacques Vidrine <[email protected]> |
Import of OpenSSL 0.9.6d.
|
|
Revision tags: release/4.6.1, release/4.6.0_cvs, release/4.5.0_cvs, release/4.4.0_cvs |
|
| #
a21b1b38 |
| 27-Jan-2002 |
Kris Kennaway <[email protected]> |
Initial import of OpenSSL 0.9.6c
|
| #
26d191b4 |
| 19-Jul-2001 |
Kris Kennaway <[email protected]> |
Initial import of OpenSSL 0.9.6b
|
| #
5740a5e3 |
| 20-May-2001 |
Kris Kennaway <[email protected]> |
Initial import of OpenSSL 0.9.6a
|
|
Revision tags: release/4.3.0_cvs, release/4.3.0 |
|
| #
de7cddda |
| 18-Feb-2001 |
Kris Kennaway <[email protected]> |
Import of OpenSSL 0.9.6-STABLE snapshot dated 2001-02-10
|
|
Revision tags: release/4.2.0 |
|
| #
ddd58736 |
| 13-Nov-2000 |
Kris Kennaway <[email protected]> |
Initial import of OpenSSL 0.9.6
|
|
Revision tags: release/4.1.1_cvs, release/4.1.0, release/3.5.0_cvs |
|
| #
f579bf8e |
| 13-Apr-2000 |
Kris Kennaway <[email protected]> |
Initial import of OpenSSL 0.9.5a
|