Re: git: e0c4386e7e71 - main - OpenSSL: Vendor import of OpenSSL 3.0.13

In reply to: Cy Schubert : "git: e0c4386e7e71 - main - OpenSSL: Vendor import of OpenSSL 3.0.13"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Herbert J. Skuhra <herbert_at_gojira.at>
Date: Sat, 03 Feb 2024 00:24:36 UTC

On Fri, Feb 02, 2024 at 09:22:08PM +0000, Cy Schubert wrote:
> The branch main has been updated by cy:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=e0c4386e7e71d93b0edc0c8fa156263fc4a8b0b6
> 
> commit e0c4386e7e71d93b0edc0c8fa156263fc4a8b0b6
> Merge: fbae308319b7 9dd13e84fa8e
> Author:     Cy Schubert <cy@FreeBSD.org>
> AuthorDate: 2024-02-02 21:10:22 +0000
> Commit:     Cy Schubert <cy@FreeBSD.org>
> CommitDate: 2024-02-02 21:21:36 +0000
> 
>     OpenSSL: Vendor import of OpenSSL 3.0.13
>     
>      * Fixed PKCS12 Decoding crashes ([CVE-2024-0727])
>      * Fixed Excessive time spent checking invalid RSA public keys
>        ([CVE-2023-6237])
>      * Fixed POLY1305 MAC implementation corrupting vector registers on
>        PowerPC CPUs which support PowerISA 2.07 ([CVE-2023-6129])
>      * Fix excessive time spent in DH check / generation with large Q
>        parameter value ([CVE-2023-5678])
>     
>     Release notes can be found at
>                 https://www.openssl.org/news/openssl-3.0-notes.html.
>     
>     Approved by:    emaste
>     MFC after:      3 days
>     
>     Merge commit '9dd13e84fa8eca8f3462bd55485aa3da8c37f54a'

crypto/openssl/include/openssl/opensslv.h was not updated:

% openssl version
OpenSSL 3.0.12 24 Oct 2023 (Library: OpenSSL 3.0.12 24 Oct 2023

-- 
Herbert