263434 – openssl: Unpatched bugs in /crypto/openssl/apps

Bug 263434 - openssl: Unpatched bugs in /crypto/openssl/apps

Summary: openssl: Unpatched bugs in /crypto/openssl/apps

Status:	Closed Not A Bug

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	bin (show other bugs)
Version:	CURRENT
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Jung-uk Kim

URL:
Keywords:	needs-qa, security

Depends on:
Blocks:

Reported:	2022-04-20 06:50 UTC by xiaohuizhang
Modified:	2022-06-20 02:11 UTC (History)
CC List:	4 users (show)

See Also:	https://github.com/openssl/openssl/pull/18069

Flags:	koobs: maintainer-feedback? (secteam) koobs: mfc-stable13? koobs: mfc-stable12?

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description xiaohuizhang 2022-04-20 06:50:28 UTC

There are several important patches in the newest OpenSSL, which involve the code introduced by FreeBSD (such as /crypto/openssl/apps/apps.c and /crypto/openssl/apps/ca.c). They have not been patched in FreeBSD yet. The PR link is as follows:

https://github.com/openssl/openssl/pull/18069

Comment 1 Gordon Tetlow freebsd_committer

2022-04-21 15:32:00 UTC

Over to jkim for review. I'm unsure we have anything to do here.

Comment 2 Jung-uk Kim freebsd_committer

2022-04-21 16:13:17 UTC

(In reply to Gordon Tetlow from comment #1)
We do not merge individual patches from upstream unless it is critical and I don't think it is critical.  IOW, it will be patched as a part of upstream import.