Date: Sun, 30 Apr 2017 10:41:17 +0000 (UTC)
From: Bernard Spil <brnrd@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject: svn commit: r439797 - in branches/2017Q2: net/openntpd security/acme-client security/libressl security/libressl-devel security/libressl-devel/files security/libressl/files
Message-ID: <201704301041.v3UAfHTk004356@repo.freebsd.org>
Author: brnrd Date: Sun Apr 30 10:41:17 2017 New Revision: 439797 URL: https://svnweb.freebsd.org/changeset/ports/439797 Log: MFH: r438889 r439764 r439772 r439762 Belated revision bump after libressl 2.5.3 update. This approach doesn't work, does it? security/libressl-devel: Fix vulnerability Obtained from: OpenBSD Security: 24673ed7-2bf3-11e7-b291-b499baebfeaf Security: CVE-2017-8301 security/libressl: Bump static library consumers Reported by: jbeich security/libressl: Fix vulnerability Obtained from: OpenBSD Security: 24673ed7-2bf3-11e7-b291-b499baebfeaf Security: CVE-2017-8301 Approved by: ports-secteam (junovitch) Added: branches/2017Q2/security/libressl-devel/files/patch-CVE-2017-8301 - copied unchanged from r439764, head/security/libressl-devel/files/patch-CVE-2017-8301 branches/2017Q2/security/libressl/files/patch-CVE-2017-8301 - copied unchanged from r439762, head/security/libressl/files/patch-CVE-2017-8301 Modified: branches/2017Q2/net/openntpd/Makefile branches/2017Q2/security/acme-client/Makefile branches/2017Q2/security/libressl-devel/Makefile branches/2017Q2/security/libressl/Makefile Directory Properties: branches/2017Q2/ (props changed) Modified: branches/2017Q2/net/openntpd/Makefile ============================================================================== --- branches/2017Q2/net/openntpd/Makefile Sun Apr 30 10:34:56 2017 (r439796) +++ branches/2017Q2/net/openntpd/Makefile Sun Apr 30 10:41:17 2017 (r439797) @@ -2,7 +2,7 @@ PORTNAME= openntpd PORTVERSION= 6.0p1 -PORTREVISION= 4 +PORTREVISION= 6 PORTEPOCH= 2 CATEGORIES= net MASTER_SITES= OPENBSD/OpenNTPD Modified: branches/2017Q2/security/acme-client/Makefile ============================================================================== --- branches/2017Q2/security/acme-client/Makefile Sun Apr 30 10:34:56 2017 (r439796) +++ branches/2017Q2/security/acme-client/Makefile Sun Apr 30 10:41:17 2017 (r439797) 
@@ -3,6 +3,7 @@ PORTNAME= acme-client PORTVERSION= 0.1.16 +PORTREVISION= 1 DISTVERSIONPREFIX= portable- CATEGORIES= security MASTER_SITES= https://kristaps.bsd.lv/${PORTNAME}/snapshots/ \ Modified: branches/2017Q2/security/libressl-devel/Makefile ============================================================================== --- branches/2017Q2/security/libressl-devel/Makefile Sun Apr 30 10:34:56 2017 (r439796) +++ branches/2017Q2/security/libressl-devel/Makefile Sun Apr 30 10:41:17 2017 (r439797) @@ -3,6 +3,7 @@ PORTNAME= libressl PORTVERSION= 2.5.2 +PORTREVISION= 1 CATEGORIES= security devel MASTER_SITES= OPENBSD/LibreSSL PKGNAMESUFFIX= -devel Copied: branches/2017Q2/security/libressl-devel/files/patch-CVE-2017-8301 (from r439764, head/security/libressl-devel/files/patch-CVE-2017-8301) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2017Q2/security/libressl-devel/files/patch-CVE-2017-8301 Sun Apr 30 10:41:17 2017 (r439797, copy of r439764, head/security/libressl-devel/files/patch-CVE-2017-8301) 
@@ -0,0 +1,32 @@ +https://marc.info/?l=openbsd-cvs&m=149342064612660 + +=================================================================== +RCS file: /cvs/src/lib/libcrypto/x509/x509_vfy.c,v +retrieving revision 1.61 +retrieving revision 1.61.4.1 +diff -u -r1.61 -r1.61.4.1 +--- crypto/x509/x509_vfy.c 2017/02/05 02:33:21 1.61 ++++ crypto/x509/x509_vfy.c 2017/04/28 23:12:04 1.61.4.1 +@@ -1,4 +1,4 @@ +-/* $OpenBSD: x509_vfy.c,v 1.61 2017/02/05 02:33:21 beck Exp $ */ ++/* $OpenBSD: x509_vfy.c,v 1.61.4.1 2017/04/28 23:12:04 beck Exp $ */ + /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * +@@ -541,15 +541,7 @@ + /* Safety net, error returns must set ctx->error */ + if (ok <= 0 && ctx->error == X509_V_OK) + ctx->error = X509_V_ERR_UNSPECIFIED; +- +- /* +- * Safety net, if user provided verify callback indicates sucess +- * make sure they have set error to X509_V_OK +- */ +- if (ctx->verify_cb != null_callback && ok == 1) +- ctx->error = X509_V_OK; +- +- return(ctx->error == X509_V_OK); ++ return ok; + } + + /* Given a STACK_OF(X509) find the issuer of cert (if any) Modified: branches/2017Q2/security/libressl/Makefile ============================================================================== --- branches/2017Q2/security/libressl/Makefile Sun Apr 30 10:34:56 2017 (r439796) +++ branches/2017Q2/security/libressl/Makefile Sun Apr 30 10:41:17 2017 (r439797) @@ -3,6 +3,7 @@ PORTNAME= libressl PORTVERSION= 2.4.5 +PORTREVISION= 1 CATEGORIES= security devel MASTER_SITES= OPENBSD/LibreSSL Copied: branches/2017Q2/security/libressl/files/patch-CVE-2017-8301 (from r439762, head/security/libressl/files/patch-CVE-2017-8301) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2017Q2/security/libressl/files/patch-CVE-2017-8301 Sun Apr 30 10:41:17 2017 (r439797, copy of r439762, head/security/libressl/files/patch-CVE-2017-8301) 
@@ -0,0 +1,32 @@ +https://marc.info/?l=openbsd-cvs&m=149342064612660 + +=================================================================== +RCS file: /cvs/src/lib/libcrypto/x509/x509_vfy.c,v +retrieving revision 1.61 +retrieving revision 1.61.4.1 +diff -u -r1.61 -r1.61.4.1 +--- crypto/x509/x509_vfy.c 2017/02/05 02:33:21 1.61 ++++ crypto/x509/x509_vfy.c 2017/04/28 23:12:04 1.61.4.1 +@@ -1,4 +1,4 @@ +-/* $OpenBSD: x509_vfy.c,v 1.61 2017/02/05 02:33:21 beck Exp $ */ ++/* $OpenBSD: x509_vfy.c,v 1.61.4.1 2017/04/28 23:12:04 beck Exp $ */ + /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * +@@ -541,15 +541,7 @@ + /* Safety net, error returns must set ctx->error */ + if (ok <= 0 && ctx->error == X509_V_OK) + ctx->error = X509_V_ERR_UNSPECIFIED; +- +- /* +- * Safety net, if user provided verify callback indicates sucess +- * make sure they have set error to X509_V_OK +- */ +- if (ctx->verify_cb != null_callback && ok == 1) +- ctx->error = X509_V_OK; +- +- return(ctx->error == X509_V_OK); ++ return ok; + } + + /* Given a STACK_OF(X509) find the issuer of cert (if any)
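Review bot: In net/openntpd/Makefile, PORTREVISION jumps from 4 to 6 in one step, and the log does not say which of the merged revisions (r438889, r439764, r439772, r439762) account for the two increments. A jump is harmless for version comparison, since PORTREVISION only has to increase, but a per-port line in the MFH log would let a reader confirm that the branch ends at the same revision as head. The same applies to the new PORTREVISION= 1 lines in acme-client, libressl and libressl-devel: the log names "static library consumers" without saying how that list was derived, so a consumer that was missed cannot be spotted from this commit alone.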
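Review bot: The @@ -1,4 +1,4 @@ hunk inside files/patch-CVE-2017-8301 only rewrites the $OpenBSD$ ident line and should be dropped from the port patch. It ties the patch to a source file whose first line reads exactly "x509_vfy.c,v 1.61 2017/02/05 02:33:21", yet the identical patch file is copied into both security/libressl-devel (PORTVERSION 2.5.2) and security/libressl (PORTVERSION 2.4.5). If either distfile ships a different ident string, that hunk is rejected, and the fixed offset 541 in the second hunk needs the same check. Please confirm that `make patch` applies cleanly for both ports on this branch, and keep only the @@ -541,15 +541,7 @@ hunk plus the marc.info reference line.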
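Review bot: In the @@ -541,15 +541,7 @@ hunk of x509_vfy.c, the new `return ok;` replaces `return(ctx->error == X509_V_OK);`, which could only yield 0 or 1, while the guard kept just above tests `ok <= 0`, which suggests ok may be negative at this point. A caller that tests the result for truth rather than `> 0` would read a negative value as success, so either normalize the value or state in a comment that negative returns are possible. Separately, with the `ctx->verify_cb != null_callback && ok == 1` block removed, a callback that returns 1 no longer resets ctx->error, so the return value and ctx->error can now disagree. That is the point of the fix (the stored error is no longer overwritten with X509_V_OK), but a short comment saying so would keep a later reader from restoring the "safety net". This note applies to both copies of the patch, under security/libressl-devel/files and security/libressl/files.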