openssl: Import OpenSSL 3.0.15.This release incorporates the following bug fixes and mitigations:- Fixed possible denial of service in X.509 name checks ([CVE-2024-6119])- Fixed possible buffer o
openssl: Import OpenSSL 3.0.15.This release incorporates the following bug fixes and mitigations:- Fixed possible denial of service in X.509 name checks ([CVE-2024-6119])- Fixed possible buffer overread in SSL_select_next_proto() ([CVE-2024-5535])Release notes can be found at:https://openssl-library.org/news/openssl-3.0-notes/index.htmlCo-authored-by: gordonMFC after: 1 weekDifferential Revision: https://reviews.freebsd.org/D46602Merge commit '108164cf95d9594884c2dcccba2691335e6f221b'(cherry picked from commit a7148ab39c03abd4d1a84997c70bf96f15dd2a09)Update config/build info for OpenSSL 3.0.15This is a companion commit to the OpenSSL 3.0.15 update.`opensslv.h` was regenerated via the following process:```cd crypto/openssl./configgit reset --hardgmake include/openssl/opensslv.h````Makefile.inc` has been updated to match.MFC after: 1 weekMFC with: a7148ab39c03abd4d1a84997c70bf96f15dd2a09Differential Revision: https://reviews.freebsd.org/D46603(cherry picked from commit cc717b574d7faa2e0b2de1a985076286cef74187)sys/crypto/openssl: update powerpc* ASMThis change updates the crypto powerpc* ASM via the prescribed processdocumented in `crypto/openssl/FREEBSD-upgrade`.This change syncs the ASM with 3.0.15's generated ASM.MFC after: 1 weekMFC with: a7148ab39c03abd4d1a84997c70bf96f15dd2a09MFC with: cc717b574d7faa2e0b2de1a985076286cef74187Differential Revision: https://reviews.freebsd.org/D46604(cherry picked from commit 77864b545b0aaa91bc78b1156c477825007a6233)
show more ...
Update to OpenSSL 3.0.14This release resolves 3 upstream found CVEs:- Fixed potential use after free after SSL_free_buffers() is called (CVE-2024-4741)- Fixed an issue where checking excessively
Update to OpenSSL 3.0.14This release resolves 3 upstream found CVEs:- Fixed potential use after free after SSL_free_buffers() is called (CVE-2024-4741)- Fixed an issue where checking excessively long DSA keys or parameters may be very slow (CVE-2024-4603)- Fixed unbounded memory growth with session handling in TLSv1.3 (CVE-2024-2511)MFC after: 3 daysMerge commit '1070e7dca8223387baf5155524b28f62bfe7da3c'(cherry picked from commit 44096ebd22ddd0081a357011714eff8963614b65)
OpenSSL: Vendor import of OpenSSL 3.0.13 * Fixed PKCS12 Decoding crashes ([CVE-2024-0727]) * Fixed Excessive time spent checking invalid RSA public keys ([CVE-2023-6237]) * Fixed POLY1305 MAC
OpenSSL: Vendor import of OpenSSL 3.0.13 * Fixed PKCS12 Decoding crashes ([CVE-2024-0727]) * Fixed Excessive time spent checking invalid RSA public keys ([CVE-2023-6237]) * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC CPUs which support PowerISA 2.07 ([CVE-2023-6129]) * Fix excessive time spent in DH check / generation with large Q parameter value ([CVE-2023-5678])Release notes can be found at https://www.openssl.org/news/openssl-3.0-notes.html.Approved by: emasteMerge commit '9dd13e84fa8eca8f3462bd55485aa3da8c37f54a'(cherry picked from commit e0c4386e7e71d93b0edc0c8fa156263fc4a8b0b6)