Date: Sat, 29 Apr 2017 17:10:09 +0000 (UTC) From: Bernard Spil <brnrd@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r439762 - in head/security/libressl: . files Message-ID: <201704291710.v3THA9Yn055925@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: brnrd Date: Sat Apr 29 17:10:09 2017 New Revision: 439762 URL: https://svnweb.freebsd.org/changeset/ports/439762 Log: security/libressl: Fix vulnerability Obtained from: OpenBSD MFH: 2017Q2 Security: 24673ed7-2bf3-11e7-b291-b499baebfeaf Security: CVE-2017-8301 Added: head/security/libressl/files/patch-CVE-2017-8301 (contents, props changed) Modified: head/security/libressl/Makefile Modified: head/security/libressl/Makefile ============================================================================== --- head/security/libressl/Makefile Sat Apr 29 16:37:53 2017 (r439761) +++ head/security/libressl/Makefile Sat Apr 29 17:10:09 2017 (r439762) @@ -3,6 +3,7 @@ PORTNAME= libressl PORTVERSION= 2.5.3 +PORTREVISION= 1 CATEGORIES= security devel MASTER_SITES= OPENBSD/LibreSSL Added: head/security/libressl/files/patch-CVE-2017-8301 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/libressl/files/patch-CVE-2017-8301 Sat Apr 29 17:10:09 2017 (r439762) @@ -0,0 +1,32 @@ +https://marc.info/?l=openbsd-cvs&m=149342064612660 + +=================================================================== +RCS file: /cvs/src/lib/libcrypto/x509/x509_vfy.c,v +retrieving revision 1.61 +retrieving revision 1.61.4.1 +diff -u -r1.61 -r1.61.4.1 +--- crypto/x509/x509_vfy.c 2017/02/05 02:33:21 1.61 ++++ crypto/x509/x509_vfy.c 2017/04/28 23:12:04 1.61.4.1 +@@ -1,4 +1,4 @@ +-/* $OpenBSD: x509_vfy.c,v 1.61 2017/02/05 02:33:21 beck Exp $ */ ++/* $OpenBSD: x509_vfy.c,v 1.61.4.1 2017/04/28 23:12:04 beck Exp $ */ + /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * +@@ -541,15 +541,7 @@ + /* Safety net, error returns must set ctx->error */ + if (ok <= 0 && ctx->error == X509_V_OK) + ctx->error = X509_V_ERR_UNSPECIFIED; +- +- /* +- * Safety net, if user provided verify callback indicates sucess +- * make sure they have set error to X509_V_OK +- */ +- if (ctx->verify_cb != null_callback && ok == 1) +- ctx->error = X509_V_OK; +- +- return(ctx->error == X509_V_OK); ++ return ok; + } + + /* Given a STACK_OF(X509) find the issuer of cert (if any)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201704291710.v3THA9Yn055925>