Date: Tue, 2 May 2017 16:16:23 +0200 From: Michael Gmelin <grembo@freebsd.org> To: Bernard Spil <brnrd@FreeBSD.org> Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r439764 - in head/security/libressl-devel: . files Message-ID: <20170502161623.362fe169@bsd64.grem.de> In-Reply-To: <201704291732.v3THWFKO065849@repo.freebsd.org> References: <201704291732.v3THWFKO065849@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 29 Apr 2017 17:32:15 +0000 (UTC) Bernard Spil <brnrd@FreeBSD.org> wrote: > Author: brnrd > Date: Sat Apr 29 17:32:15 2017 > New Revision: 439764 > URL: https://svnweb.freebsd.org/changeset/ports/439764 > > Log: > security/libressl: Fix vulnerability > > Obtained from: OpenBSD > MFH: 2017Q2 > Security: 24673ed7-2bf3-11e7-b291-b499baebfeaf > Security: CVE-2017-8301 > > Added: > head/security/libressl-devel/files/patch-CVE-2017-8301 > - copied unchanged from r439762, > head/security/libressl/files/patch-CVE-2017-8301 Modified: > head/security/libressl-devel/Makefile > > Modified: head/security/libressl-devel/Makefile > ============================================================================== > --- head/security/libressl-devel/Makefile Sat Apr 29 17:29:01 > 2017 (r439763) +++ > head/security/libressl-devel/Makefile Sat Apr 29 17:32:15 > 2017 (r439764) @@ -3,6 +3,7 @@ > PORTNAME= libressl > PORTVERSION= 2.5.3 > +PORTREVISION= 1 > CATEGORIES= security devel > MASTER_SITES= OPENBSD/LibreSSL > PKGNAMESUFFIX= -devel > > Copied: head/security/libressl-devel/files/patch-CVE-2017-8301 (from > r439762, head/security/libressl/files/patch-CVE-2017-8301) > ============================================================================== > --- /dev/null 00:00:00 1970 (empty, because file is > newly added) +++ > head/security/libressl-devel/files/patch-CVE-2017-8301 Sat Apr > 29 17:32:15 2017 (r439764, copy of r439762, > head/security/libressl/files/patch-CVE-2017-8301) @@ -0,0 +1,32 @@ > +https://marc.info/?l=openbsd-cvs&m=149342064612660 + > +=================================================================== > +RCS file: /cvs/src/lib/libcrypto/x509/x509_vfy.c,v +retrieving > revision 1.61 +retrieving revision 1.61.4.1 +diff -u -r1.61 -r1.61.4.1 > +--- crypto/x509/x509_vfy.c 2017/02/05 02:33:21 1.61 > ++++ crypto/x509/x509_vfy.c 2017/04/28 23:12:04 1.61.4.1 > +@@ -1,4 +1,4 @@ > +-/* $OpenBSD: x509_vfy.c,v 1.61 2017/02/05 02:33:21 beck Exp $ */ > ++/* $OpenBSD: x509_vfy.c,v 1.61.4.1 2017/04/28 23:12:04 beck Exp $ */ > + /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) > + * All rights reserved. > + * > +@@ -541,15 +541,7 @@ > + /* Safety net, error returns must set ctx->error */ > + if (ok <= 0 && ctx->error == X509_V_OK) > + ctx->error = X509_V_ERR_UNSPECIFIED; > +- > +- /* > +- * Safety net, if user provided verify callback indicates > sucess +- * make sure they have set error to X509_V_OK > +- */ > +- if (ctx->verify_cb != null_callback && ok == 1) > +- ctx->error = X509_V_OK; > +- > +- return(ctx->error == X509_V_OK); > ++ return ok; > + } > + > + /* Given a STACK_OF(X509) find the issuer of cert (if any) > This MFH breaks 2017Q2, please see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218988. -m -- Michael Gmelin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170502161623.362fe169>