[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:24.libcrypto
FreeBSD Errata Notices
errata-notices at freebsd.org
Tue Aug 24 20:51:59 UTC 2021
-----BEGIN PGP SIGNED MESSAGE-----
FreeBSD-EN-21:24.libcrypto Errata Notice
The FreeBSD Project
Topic: OpenSSL 1.1.1e API functions not exported
Affects: FreeBSD 12.2 and later.
Corrected: 2021-06-09 21:53:42 UTC (stable/13, 13.0-STABLE)
2021-08-24 17:25:47 UTC (releng/13.0, 13.0-RELEASE-p4)
2021-06-09 21:54:13 UTC (stable/12, 12.2-STABLE)
2021-08-24 18:32:08 UTC (releng/12.2, 12.2-RELEASE-p10)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
libcrypto is part of the OpenSSL distribution and provides APIs to
various low-level cryptographic services.
II. Problem Description
New API functions added in OpenSSL 1.1.1e and later were not publicly
exported to applications.
Applications trying to use new API functions added in OpenSSL 1.1.1e
or later would fail to build with a link error.
No workaround is available. However, the APIs added in OpenSSL 1.1.1e
and later are obscure and not used by many applications. In particular,
none of the affected APIs are used by applications using libssl from
OpenSSL for Transport Layer Security (TLS).
Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
Perform one of the following:
1) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
# freebsd-update fetch
# freebsd-update install
2) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-21:17/libcrypto.patch
# fetch https://security.FreeBSD.org/patches/EN-21:17/libcrypto.patch.asc
# gpg --verify libcrypto.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
VI. Correction details
This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:
Branch/path Hash Revision
stable/13/ f8edb3f9c725 stable/13-n245963
releng/13.0/ 3ef67fed446a releng/13.0-n244754
For FreeBSD 13 and later:
Run the following command to see which files were modified by a
# git show --stat <commit hash>
Or visit the following URL, replacing NNNNNN with the hash:
To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:
# git rev-list --count --first-parent HEAD
For FreeBSD 12 and earlier:
Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
The latest revision of this advisory is available at
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the freebsd-announce