Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 19 Mar 2015 23:13:11 +0000
From:      Vsevolod Stakhov <vsevolod@FreeBSD.org>
To:        d@delphij.net, ports-committers@freebsd.org,  svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   Re: svn commit: r381603 - in head/security/libressl: . security security/libressl security/libressl/files
Message-ID:  <550B5807.5080102@FreeBSD.org>
In-Reply-To: <550B4DDE.8060508@delphij.net>
References:  <201503191530.t2JFUOD0008431@svn.freebsd.org> <550B4DDE.8060508@delphij.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On 19/03/15 22:29, Xin Li wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 03/19/15 08:30, Vsevolod Stakhov wrote:
>> Author: vsevolod
>> Date: Thu Mar 19 15:30:24 2015
>> New Revision: 381603
>> URL: https://svnweb.freebsd.org/changeset/ports/381603
>> QAT: https://qat.redports.org/buildarchive/r381603/
>>
>> Log:
>>    - Backport the following fixes from openssl [1]:
>>    CVE-2015-0207 Segmentation fault in DTLSv1_listen moderate
>>    CVE-2015-0209 Use After Free following d2i_ECPrivatekey error low
>>    CVE-2015-0286 Segmentation fault in ASN1_TYPE_cmp moderate
>>    CVE-2015-0287 ASN.1 structure reuse memory corruption moderate
>>    CVE-2015-0289 PKCS7 NULL pointer dereferences moderate
>>    - Enable libtls component [2]
>>    - Bump portrevision
>>
>>    PR:		198681 [1]
>>    Submitted by:	Bernard Spil <spil.oss at gmail.com> [1], naddy [2]
>>
>> Added:
>>    head/security/libressl/security/
>>    head/security/libressl/security/libressl/
>>    head/security/libressl/security/libressl/files/
>>    head/security/libressl/security/libressl/files/patch-crypto_asn1_a__int.c   (contents, props changed)
>>    head/security/libressl/security/libressl/files/patch-crypto_asn1_a__set.c   (contents, props changed)
>>    head/security/libressl/security/libressl/files/patch-crypto_asn1_a__type.c   (contents, props changed)
>>    head/security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pr.c   (contents, props changed)
>>    head/security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pu.c   (contents, props changed)
>>    head/security/libressl/security/libressl/files/patch-crypto_asn1_n__pkey.c   (contents, props changed)
>>    head/security/libressl/security/libressl/files/patch-crypto_asn1_tasn__dec.c   (contents, props changed)
>>    head/security/libressl/security/libressl/files/patch-crypto_asn1_x__x509.c   (contents, props changed)
>>    head/security/libressl/security/libressl/files/patch-crypto_ec_ec__asn1.c   (contents, props changed)
>>    head/security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__doit.c   (contents, props changed)
>>    head/security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__lib.c   (contents, props changed)
>>    head/security/libressl/security/libressl/files/patch-ssl_d1__lib.c   (contents, props changed)
>
> 			   ^^^^^^^^^^^^^^^^^^ This doesn't seem right, would you please fix it?

Oh, thanks for mention. I've misused `svn patch` in this case.

-- 
Vsevolod Stakhov



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?550B5807.5080102>