Commit Graph

28 Commits

Author SHA1 Message Date
Enji Cooper 3a71a35ad9 openssl: import 3.5.7
This change adds OpenSSL 3.5.7 from upstream [1].

The 3.5.7 artifact was been verified via PGP key [2] and by SHA256 checksum [3].

This change is a security release which resolves several issues with OpenSSL 3.5,
the highest severity issue being ranked "High". Users are strongly encouraged to
update to this release.

More information about the release (from a high level) can be found in
the release notes [4].

Updated via [5] with `update_openssl.sh 3.5.7`.

Approved by:	so (gordon; implicit)

1. https://github.com/openssl/openssl/releases/download/openssl-3.5.7/openssl-3.5.7.tar.gz
2. https://github.com/openssl/openssl/releases/download/openssl-3.5.7/openssl-3.5.7.tar.gz.asc
3. https://github.com/openssl/openssl/releases/download/openssl-3.5.7/openssl-3.5.7.tar.gz.sha256
4. https://github.com/openssl/openssl/blob/openssl-3.5.7/NEWS.md
5. https://codeberg.org/ngie/freebsd-powertools/src/branch/main/shell/update_openssl.sh (facdfe954)
2026-06-09 12:21:35 -07:00
Enji Cooper ab5fc4ac93 OpenSSL: import 3.5.6
This change adds OpenSSL 3.5.6 from upstream [1].

The 3.5.5 artifact was been verified via PGP key [2] and by SHA256 checksum [3].

This is a security release, but also contains several bugfixes.

More information about the release (from a high level) can be found in
the release notes [4].

1. openssl-3.5.6.tar.gz
2. openssl-3.5.6.tar.gz.asc
3. openssl-3.5.6.tar.gz.sha256
4. https://github.com/openssl/openssl/blob/openssl-3.5.6/NEWS.md
2026-04-07 15:35:35 -07:00
Enji Cooper 808413da28 openssl: import 3.5.5
This change adds OpenSSL 3.5.5 from upstream [1].

The 3.5.5 artifact was been verified via PGP key [2] and by SHA256 checksum [3].

This is a security release, but also contains several bugfixes.

More information about the release (from a high level) can be found in
the release notes [4].

1. https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz
2. https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz.asc
3. https://github.com/openssl/openssl/releases/download/openssl-3.5.5/openssl-3.5.5.tar.gz.sha256
4. https://github.com/openssl/openssl/blob/openssl-3.5.5/NEWS.md
2026-01-28 17:27:53 -08:00
Enji Cooper 29536654cc openssl: import 3.5.0
This change adds OpenSSL 3.5.0 from upstream [1].

The 3.5.0 artifact was been verified via PGP key [2] and by SHA256 checksum [3].

More information about the release (from a high level) can be found in
the release notes [4].

1. https://github.com/openssl/openssl/releases/download/openssl-3.5.0/openssl-3.5.0.tar.gz
2. https://github.com/openssl/openssl/releases/download/openssl-3.5.0/openssl-3.5.0.tar.gz.asc
3. https://github.com/openssl/openssl/releases/download/openssl-3.5.0/openssl-3.5.0.tar.gz.sha256
4. https://github.com/openssl/openssl/blob/openssl-3.5.0/NEWS.md
2025-05-07 15:37:22 -07:00
Cy Schubert 9dd13e84fa OpenSSL: Vendor import of OpenSSL 3.0.13
* Fixed PKCS12 Decoding crashes ([CVE-2024-0727])
* Fixed Excessive time spent checking invalid RSA public keys
  ([CVE-2023-6237])
* Fixed POLY1305 MAC implementation corrupting vector registers on
  PowerPC CPUs which support PowerISA 2.07 ([CVE-2023-6129])
* Fix excessive time spent in DH check / generation with large Q
  parameter value ([CVE-2023-5678])

Release notes can be found at
	https://www.openssl.org/news/openssl-3.0-notes.html.
2024-02-02 01:48:38 -08:00
Enji Cooper e4520c8bd1 openssl: Vendor import of OpenSSL-3.0.8
Summary:

Release notes can be found at
https://www.openssl.org/news/openssl-3.0-notes.html .

Obtained from:  https://www.openssl.org/source/openssl-3.0.8.tar.gz
Differential Revision:	https://reviews.freebsd.org/D38835

Test Plan:
```
$ git status
On branch vendor/openssl-3.0
nothing to commit, working tree clean
$ (cd ..; fetch http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz http://www.openssl.org/source/openssl-${OSSLVER}.tar.gz.asc)
openssl-3.0.8.tar.gz                                    14 MB 4507 kBps    04s
openssl-3.0.8.tar.gz.asc                               833  B   10 MBps    00s
$ set | egrep '(XLIST|OSSLVER)='
OSSLVER=3.0.8
XLIST=FREEBSD-Xlist
$ gpg --list-keys
/home/ngie/.gnupg/pubring.kbx
-----------------------------
pub   rsa4096 2014-10-04 [SC]
      7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C
uid           [ unknown] Richard Levitte <richard@levitte.org>
uid           [ unknown] Richard Levitte <levitte@lp.se>
uid           [ unknown] Richard Levitte <levitte@openssl.org>
sub   rsa4096 2014-10-04 [E]

$ gpg --verify openssl-${OSSLVER}.tar.gz.asc openssl-${OSSLVER}.tar.gz
gpg: Signature made Tue Feb  7 05:43:55 2023 PST
gpg:                using RSA key 7953AC1FBC3DC8B3B292393ED5E9E43F7DF9EE8C
gpg: Good signature from "Richard Levitte <richard@levitte.org>" [unknown]
gpg:                 aka "Richard Levitte <levitte@lp.se>" [unknown]
gpg:                 aka "Richard Levitte <levitte@openssl.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 7953 AC1F BC3D C8B3 B292  393E D5E9 E43F 7DF9 EE8C
$ (cd vendor.checkout/; git status; find . -type f -or -type l | cut -c 3- | sort > ../old)
On branch vendor/openssl-3.0
nothing to commit, working tree clean
$ tar -x -X $XLIST -f ../openssl-${OSSLVER}.tar.gz -C ..
$ rsync --exclude FREEBSD.* --delete -avzz ../openssl-${OSSLVER}/* .
$ cat .git
gitdir: /home/ngie/git/freebsd-src/.git/worktrees/vendor.checkout
$ diff -arq ../openssl-3.0.8  .
Only in .: .git
Only in .: FREEBSD-Xlist
Only in .: FREEBSD-upgrade
$ git status FREEBSD*
On branch vendor/openssl-3.0
nothing to commit, working tree clean
$
```

Reviewers: emaste, jkim

Subscribers: imp, andrew, dab

Differential Revision: https://reviews.freebsd.org/D38835
2023-03-06 12:41:29 -08:00
Jung-uk Kim c1d1798abd Import OpenSSL 1.1.1l 2021-08-31 22:23:22 -04:00
Jung-uk Kim 92f02b3b0f Import OpenSSL 1.1.1h. 2020-09-22 14:27:08 +00:00
Jung-uk Kim 65aa3028e5 Import OpenSSL 1.1.1g. 2020-04-21 19:07:46 +00:00
Jung-uk Kim aa144ced5d Import OpenSSL 1.1.1e. 2020-03-17 21:27:57 +00:00
Jung-uk Kim fbc3ad1ae1 Import OpenSSL 1.1.1d. 2019-09-10 17:40:53 +00:00
Jung-uk Kim 375b8e6770 Import OpenSSL 1.1.1c. 2019-05-28 20:08:17 +00:00
Jung-uk Kim 8c3f9abd70 Import OpenSSL 1.1.1a. 2018-11-20 18:59:41 +00:00
Jung-uk Kim a43ce912fc Import OpenSSL 1.1.1. 2018-09-13 19:18:07 +00:00
Jung-uk Kim 02be298e50 Import OpenSSL 1.0.2o. 2018-03-27 17:03:01 +00:00
Jung-uk Kim 12df5ad9af Import OpenSSL 1.0.2l. 2017-05-25 19:38:38 +00:00
Jung-uk Kim 5315173646 Import OpenSSL 1.0.2k. 2017-01-26 18:32:12 +00:00
Jung-uk Kim e9fcefce9b Import OpenSSL 1.0.2d. 2015-10-23 19:46:02 +00:00
Jung-uk Kim c07d7b3a38 Import OpenSSL 1.0.1p. 2015-07-09 16:41:34 +00:00
Jung-uk Kim a9745f9a84 Import OpenSSL 1.0.1n. 2015-06-11 17:56:16 +00:00
Jung-uk Kim 3d2030852d Import OpenSSL 1.0.1m. 2015-03-20 15:28:40 +00:00
Jung-uk Kim 58ab7656b2 Import OpenSSL 1.0.1j. 2014-10-15 17:32:57 +00:00
Jung-uk Kim cb6864802e Import OpenSSL 1.0.1i. 2014-08-07 16:49:55 +00:00
Jung-uk Kim 2dc7f78169 Import OpenSSL 1.0.1f.
Approved by:	so (delphij), benl (silence)
2014-01-22 19:27:13 +00:00
Jung-uk Kim f3b8b34a88 Import OpenSSL 1.0.1e.
Approved by:	secteam (delphij, simon), benl (silence)
2013-02-13 22:15:56 +00:00
Jung-uk Kim 0758ab5ea7 Import OpenSSL 1.0.1c.
Approved by:	benl (maintainer)
2012-07-11 23:31:36 +00:00
Simon L. B. Nielsen 518099af59 Import OpenSSL 0.9.8k. 2009-06-07 19:56:18 +00:00
Simon L. B. Nielsen c4a78426be Flatten OpenSSL vendor tree. 2008-08-23 10:51:00 +00:00