NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
lib/60382: OpenSSL 3.0.21 upgrade for netbsd-10
>Number: 60382
>Category: lib
>Synopsis: OpenSSL 3.0.21 upgrade for netbsd-10
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: lib-bug-people
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Mon Jun 29 01:00:00 +0000 2026
>Originator: Emmanuel Dreyfus
>Release: NetBSD 10.0_STABLE
>Organization:
NetBSD
>Environment:
System: NetBSD homeworld.NetBSD.org 10.0_STABLE NetBSD 10.0_STABLE (NBMAIL) #0: Tue May 28 07:37:21 UTC 2024 spz%franklin.NetBSD.org@localhost:/home/netbsd/10/amd64/obj/sys/arch/amd64/compile/NBMAIL amd64
Architecture: x86_64
Machine: amd64
>Description:
netbsd-10 includes OpenSSL 3.0.12, and this version had
many CVE reported:
CVE-2026-45447 CVE-2026-45446 CVE-2025-68160 CVE-2025-9232 CVE-2024-0727
CVE-2026-34182 CVE-2026-31790 CVE-2025-69418 CVE-2024-13176 CVE-2023-6237
CVE-2026-45445 CVE-2026-28387 CVE-2025-69419 CVE-2024-9143 CVE-2023-6129
CVE-2026-7383 CVE-2026-28388 CVE-2025-69420 CVE-2024-6119 CVE-2023-5678
CVE-2026-9076 CVE-2026-28389 CVE-2025-69421 CVE-2024-5535
CVE-2026-34180 CVE-2026-28390 CVE-2026-22795 CVE-2024-4741
CVE-2026-42766 CVE-2026-31789 CVE-2026-22796 CVE-2024-4603
CVE-2026-42770 CVE-2025-15467 CVE-2025-9230 CVE-2024-2511
This PR is about updating to OpenSSL 3.0.21 for fixing above
mentionned CVE.
>How-To-Repeat:
>Fix:
This patch updates OpenSSL to 3.0.21. It is huge: 194k lines. Most of
it is the unmodified import of openssl-3.0.1 in
src/crypto/external/bsd/openssl/dist
How is was crafted (procedure from src/doc/3RDPARTY with dditional
details):
- unpack openssl tarball in src/crypto/external/bsd/openssl/dist
- Run openssl2netbsd to get rid of the RCSID identifiers
- in src/crypto/external/bsd/openssl/dist
./configure
make include/openssl/opensslv.h
make include/openssl/fipskey.h
cp include/openssl/opensslv.h include/openssl/fipskey.h \
include/openssl/configuration.h ../include/openssl
- clear dist and unpack openssl again
- review header filer modifications and merge changes
- run make in /usr/src/crypto/external/bsd/openssl/lib/libcrypto/man
to regen man pages.
- run make in /usr/src/crypto/external/bsd/openssl/lib/libcrypto/arch/*
to regen assembly files
The big patch:
https://dl.espci.fr/ticket/d02beafc0a42f837d86847ea007de62e
Home |
Main Index |
Thread Index |
Old Index