BSDSec

deadsimple BSD Security Advisories and Announcements

FreeBSD Errata Notice FreeBSD-EN-21:24.libcrypto

24 August, 2021 by errata-notices@freebsd.org | freebsd 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-21:24.libcrypto                                      Errata Notice
                                                          The FreeBSD Project

Topic:          OpenSSL 1.1.1e API functions not exported

Category:       core
Module:         libcrypto
Announced:      2021-08-24
Affects:        FreeBSD 12.2 and later.
Corrected:      2021-06-09 21:53:42 UTC (stable/13, 13.0-STABLE)
                2021-08-24 17:25:47 UTC (releng/13.0, 13.0-RELEASE-p4)
                2021-06-09 21:54:13 UTC (stable/12, 12.2-STABLE)
                2021-08-24 18:32:08 UTC (releng/12.2, 12.2-RELEASE-p10)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

I.   Background

libcrypto is part of the OpenSSL distribution and provides APIs to
various low-level cryptographic services.

II.  Problem Description

New API functions added in OpenSSL 1.1.1e and later were not publicly
exported to applications.

III. Impact

Applications trying to use new API functions added in OpenSSL 1.1.1e
or later would fail to build with a link error.

IV.  Workaround

No workaround is available.  However, the APIs added in OpenSSL 1.1.1e
and later are obscure and not used by many applications.  In particular,
none of the affected APIs are used by applications using libssl from
OpenSSL for Transport Layer Security (TLS).

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-21:17/libcrypto.patch
# fetch https://security.FreeBSD.org/patches/EN-21:17/libcrypto.patch.asc
# gpg --verify libcrypto.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
- -------------------------------------------------------------------------
stable/13/                              f8edb3f9c725    stable/13-n245963
releng/13.0/                            3ef67fed446a  releng/13.0-n244754
stable/12/                                                        r369974
releng/12.2/                                                      r370391
- -------------------------------------------------------------------------

For FreeBSD 13 and later:

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

For FreeBSD 12 and earlier:

Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:24.libcrypto.asc>
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV10ACgkQ05eS9J6n
5cLiZxAAlg4s2mnbSDWTcyyDFSiriek2RFyqT6SR0FkHAod+zYzIrZNfLGM5431N
0Wr15eSkLqUKpbG88eE44N3aqVQSDnhmgGw5R4v+n//y4M8YywiW78inIB09Wpvl
XvfckpBgj8hAHvh2P54nP52m5Vxo0/WUHCNXi7VQFfjWyFxwUxcUnlumC/CpEqGI
GWNB9ZzVg9x7U7ykDd+MtRFRoURYHzZyTUlfpcJD0eS9bWi4JzYWmJElkwehSvI2
Ey0Mf2ynslbhEmUlFrnBRMmFVg1D12aVQApfn69+AB2twYyScjZXMoz6P1vwAEmg
wrNE1yVb27MB1MK9+t6yuRVgd/S7BFrQ7NLnl/jOa21eAHBE1Ac21BvifrYiJr3I
D2BH859RxUXzer/MU1vGGoTdZkujubaDsVWJqobFcnHC+flnfkzTLNiJxT65eI7n
fqwz1UoeHdeDs6hpkGH5uecsae3GOZSNW307eEvJKeQg6JbzaREKh4cth+0fCA32
xzxVD4BiMgjdCkRe0mESQUSrW3jsHqNm0L721iY71TqF4/FRylkvHIseIljEW1cp
zmt37+buvEtHuYHsmhNRvdJLJVPRnA6Lhn+VQ0IKObZW5WVxo3dbqSITPg/SuzLu
CWjUVXb3uUFc1xM3CtSQL+6k3cy6EYIw713rbrq+hApnCEf2/UE=T9UL
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"