From owner-freebsd-stable@FreeBSD.ORG Fri Mar 20 01:24:13 2015 Return-Path: Delivered-To: freebsd-stable@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 201D4902; Fri, 20 Mar 2015 01:24:13 +0000 (UTC) Received: from anubis.delphij.net (anubis.delphij.net [IPv6:2001:470:1:117::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "anubis.delphij.net", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 018DA89C; Fri, 20 Mar 2015 01:24:13 +0000 (UTC) Received: from zeta.ixsystems.com (unknown [12.229.62.2]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by anubis.delphij.net (Postfix) with ESMTPSA id BF61E125D9; Thu, 19 Mar 2015 18:24:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delphij.net; s=anubis; t=1426814652; x=1426829052; bh=/JXovibgxcm1MWi6snrMP8Sl7NcAGpdHDN6cpXvXyo4=; h=Date:From:Reply-To:To:Subject; b=qBS1Cz0rHUqbPxWOW3aq9WkuyDquFD0peMbGQehCH7nZCHmdijiUkLuyel4IbVug+ s4i2NjuboO/t1DXlyxWNhNNW82Yp5E2nNTEnuZmGCzmWsc7ljBu8/OXOUAabvXxCah yltUZcSS6t4NzMftGIdWWU0SChMCn0Kbu1/Xq3HE= Message-ID: <550B76BC.4010605@delphij.net> Date: Thu, 19 Mar 2015 18:24:12 -0700 From: Xin Li Reply-To: d@delphij.net Organization: The FreeBSD Project MIME-Version: 1.0 To: freebsd-security@FreeBSD.ORG, FreeBSD Stable Mailing List Subject: HEADSUP -- issues with SA-15:06.openssl Content-Type: multipart/mixed; boundary="------------010900000507010806080301" X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Mar 2015 01:24:13 -0000 This is a multi-part message in MIME format. --------------010900000507010806080301 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, Please be advised that we have noticed some issues with SA-15:06.openssl and are actively working on validating the fix. A copy of draft errata patches is attached. My apologies for this mess. Revised advisories would be announced once we have made sure that everything is correct. Cheers, -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.2 (FreeBSD) iQIcBAEBCgAGBQJVC3a5AAoJEJW2GBstM+ns+s4P/A+M1xdhycNvo0qsSTfLcah1 uAvZnWLo7gobBM8CxlrgtrXkRsYwGp7Q6bzW63PA+8qE4FIht7/fgMpXNHufK8bz 1b/h0KrnPs7rEBe3K13RJEI5ufVb/Xj1mOVY59GCJ76QuekN9nEGbYRE2Fbg8yhE iOWLpNWKsQBPdDhMfqmayUZmuZf8pPhgIEwzEsSefnZhe1XrN5kX8s4T00aWieSz MbEkLRfOlVn+qeXlZOp6R96vEoNYaGeTnX7AN16wKg+0Sipk9AJBDFUODjPQgzIr 4BbL8TpW3DvC0cOOpJnYb4KVy7o+54QMFoDr0Gt0R/HZQj3lzdtOBbTFfNs82KDl wWPZB3G4CY5l2d1CYQjUQtXmuRnro3JrslBbx00RcLAs9deDtIoJVqHQv0wiLSlZ jv1lWZbyUhVw/9cY4A8c1QRs01YWGGPZV4cuO0RN56zs6ipIK/0XkzYrY+b2yWku U5slMwqhuREZ1ypLcfUwQHgnyX094wTXkuJQ2l+4dMiO8wV6gW5x3C2lOe/0OHYP L0Atb84aYvMG9RlFCTF6CB2226tRjqxuFhI+x2d0choVJpMt5SJ2cfBi5E3e9Ooy roPVTlOwB1tsYVi3fjYjwJZ5TiPDq3ekcByTmIrasrsFB5+9tBDBnRC5nERNITM4 o69NYExg60dSJ8p5RTeE =wG30 -----END PGP SIGNATURE----- --------------010900000507010806080301 Content-Type: text/plain; charset=UTF-8; name="openssl-1.0.1-errata.patch" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="openssl-1.0.1-errata.patch" SW5kZXg6IGNyeXB0by9vcGVuc3NsL2NyeXB0by9hc24xL3Rhc25fZGVjLmMKPT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PQotLS0gY3J5cHRvL29wZW5zc2wvY3J5cHRvL2FzbjEvdGFzbl9kZWMuYwkocmV2aXNp b24gMjgwMjcyKQorKysgY3J5cHRvL29wZW5zc2wvY3J5cHRvL2FzbjEvdGFzbl9kZWMuYwko d29ya2luZyBjb3B5KQpAQCAtMTI3LDIyICsxMjcsMTYgQEAgdW5zaWduZWQgbG9uZyBBU04x X3RhZzJiaXQoaW50IHRhZykKIAogQVNOMV9WQUxVRSAqQVNOMV9pdGVtX2QyaShBU04xX1ZB TFVFICoqcHZhbCwKIAkJY29uc3QgdW5zaWduZWQgY2hhciAqKmluLCBsb25nIGxlbiwgY29u c3QgQVNOMV9JVEVNICppdCkKLXsKKwl7CiAJQVNOMV9UTEMgYzsKIAlBU04xX1ZBTFVFICpw dG1wdmFsID0gTlVMTDsKKwlpZiAoIXB2YWwpCisJCXB2YWwgPSAmcHRtcHZhbDsKIAlhc24x X3RsY19jbGVhcl9uYygmYyk7Ci0JaWYgKHB2YWwgJiYgKnB2YWwgJiYgaXQtPml0eXBlID09 IEFTTjFfSVRZUEVfUFJJTUlUSVZFKQotCQlwdG1wdmFsID0gKnB2YWw7Ci0JaWYgKEFTTjFf aXRlbV9leF9kMmkoJnB0bXB2YWwsIGluLCBsZW4sIGl0LCAtMSwgMCwgMCwgJmMpID4gMCkg ewotCQlpZiAocHZhbCAmJiBpdC0+aXR5cGUgIT0gQVNOMV9JVFlQRV9QUklNSVRJVkUpIHsK LQkJCWlmICgqcHZhbCkKLQkJCQlBU04xX2l0ZW1fZnJlZSgqcHZhbCwgaXQpOwotCQkJKnB2 YWwgPSBwdG1wdmFsOwotCQl9Ci0JCXJldHVybiBwdG1wdmFsOworCWlmIChBU04xX2l0ZW1f ZXhfZDJpKHB2YWwsIGluLCBsZW4sIGl0LCAtMSwgMCwgMCwgJmMpID4gMCkgCisJCXJldHVy biAqcHZhbDsKKwlyZXR1cm4gTlVMTDsKIAl9Ci0JcmV0dXJuIE5VTEw7Ci19CiAKIGludCBB U04xX3RlbXBsYXRlX2QyaShBU04xX1ZBTFVFICoqcHZhbCwKIAkJY29uc3QgdW5zaWduZWQg Y2hhciAqKmluLCBsb25nIGxlbiwgY29uc3QgQVNOMV9URU1QTEFURSAqdHQpCkluZGV4OiBj cnlwdG8vb3BlbnNzbC9jcnlwdG8vZWMvZWNfYXNuMS5jCj09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIGNy eXB0by9vcGVuc3NsL2NyeXB0by9lYy9lY19hc24xLmMJKHJldmlzaW9uIDI4MDI3MikKKysr IGNyeXB0by9vcGVuc3NsL2NyeXB0by9lYy9lY19hc24xLmMJKHdvcmtpbmcgY29weSkKQEAg LTExNDIsOCArMTE0Miw2IEBAIEVDX0tFWSAqZDJpX0VDUHJpdmF0ZUtleShFQ19LRVkgKiph LCBjb25zdCB1bnNpZ25lCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBFUlJf Ul9NQUxMT0NfRkFJTFVSRSk7CiAJCQlnb3RvIGVycjsKIAkJCX0KLQkJaWYgKGEpCi0JCQkq YSA9IHJldDsKIAkJfQogCWVsc2UKIAkJcmV0ID0gKmE7CkBAIC0xMjI1LDExICsxMjIzLDEz IEBAIEVDX0tFWSAqZDJpX0VDUHJpdmF0ZUtleShFQ19LRVkgKiphLCBjb25zdCB1bnNpZ25l CiAJCXJldC0+ZW5jX2ZsYWcgfD0gRUNfUEtFWV9OT19QVUJLRVk7CiAJCX0KIAorCWlmIChh KQorCQkqYSA9IHJldDsKIAlvayA9IDE7CiBlcnI6CiAJaWYgKCFvaykKIAkJewotCQlpZiAo cmV0KQorCQlpZiAocmV0ICYmIChhID09IE5VTEwgfHwgKmEgIT0gcmV0KSkKIAkJCUVDX0tF WV9mcmVlKHJldCk7CiAJCXJldCA9IE5VTEw7CiAJCX0KSW5kZXg6IGNyeXB0by9vcGVuc3Ns L2NyeXB0by94NTA5L3g1MDlfcmVxLmMKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gY3J5cHRvL29wZW5z c2wvY3J5cHRvL3g1MDkveDUwOV9yZXEuYwkocmV2aXNpb24gMjgwMjcyKQorKysgY3J5cHRv L29wZW5zc2wvY3J5cHRvL3g1MDkveDUwOV9yZXEuYwkod29ya2luZyBjb3B5KQpAQCAtOTIs NiArOTIsOCBAQCBYNTA5X1JFUSAqWDUwOV90b19YNTA5X1JFUShYNTA5ICp4LCBFVlBfUEtF WSAqcGtleQogCQlnb3RvIGVycjsKIAogCXBrdG1wID0gWDUwOV9nZXRfcHVia2V5KHgpOwor CWlmIChwa3RtcCA9PSBOVUxMKQorCQlnb3RvIGVycjsKIAlpPVg1MDlfUkVRX3NldF9wdWJr ZXkocmV0LHBrdG1wKTsKIAlFVlBfUEtFWV9mcmVlKHBrdG1wKTsKIAlpZiAoIWkpIGdvdG8g ZXJyOwo= --------------010900000507010806080301 Content-Type: text/plain; charset=UTF-8; name="openssl-0.9.8-errata.patch" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="openssl-0.9.8-errata.patch" SW5kZXg6IGNyeXB0by9vcGVuc3NsL2NyeXB0by9hc24xL3Rhc25fZGVjLmMKPT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PQotLS0gY3J5cHRvL29wZW5zc2wvY3J5cHRvL2FzbjEvdGFzbl9kZWMuYwkocmV2aXNp b24gMjgwMjcyKQorKysgY3J5cHRvL29wZW5zc2wvY3J5cHRvL2FzbjEvdGFzbl9kZWMuYwko d29ya2luZyBjb3B5KQpAQCAtMTI1LDIzICsxMjUsMTYgQEAgdW5zaWduZWQgbG9uZyBBU04x X3RhZzJiaXQoaW50IHRhZykKIAogQVNOMV9WQUxVRSAqQVNOMV9pdGVtX2QyaShBU04xX1ZB TFVFICoqcHZhbCwKIAkJY29uc3QgdW5zaWduZWQgY2hhciAqKmluLCBsb25nIGxlbiwgY29u c3QgQVNOMV9JVEVNICppdCkKLXsKKwl7CiAJQVNOMV9UTEMgYzsKIAlBU04xX1ZBTFVFICpw dG1wdmFsID0gTlVMTDsKKwlpZiAoIXB2YWwpCisJCXB2YWwgPSAmcHRtcHZhbDsKIAljLnZh bGlkID0gMDsKLQlpZiAocHZhbCAmJiAqcHZhbCAmJiBpdC0+aXR5cGUgPT0gQVNOMV9JVFlQ RV9QUklNSVRJVkUpCi0JCXB0bXB2YWwgPSAqcHZhbDsKLQotCWlmIChBU04xX2l0ZW1fZXhf ZDJpKCZwdG1wdmFsLCBpbiwgbGVuLCBpdCwgLTEsIDAsIDAsICZjKSA+IDApIHsKLQkJaWYg KHB2YWwgJiYgaXQtPml0eXBlICE9IEFTTjFfSVRZUEVfUFJJTUlUSVZFKSB7Ci0JCQlpZiAo KnB2YWwpCi0JCQkJQVNOMV9pdGVtX2ZyZWUoKnB2YWwsIGl0KTsKLQkJCSpwdmFsID0gcHRt cHZhbDsKLQkJfQotCQlyZXR1cm4gcHRtcHZhbDsKKwlpZiAoQVNOMV9pdGVtX2V4X2QyaShw dmFsLCBpbiwgbGVuLCBpdCwgLTEsIDAsIDAsICZjKSA+IDApIAorCQlyZXR1cm4gKnB2YWw7 CisJcmV0dXJuIE5VTEw7CiAJfQotCXJldHVybiBOVUxMOwotfQogCiBpbnQgQVNOMV90ZW1w bGF0ZV9kMmkoQVNOMV9WQUxVRSAqKnB2YWwsCiAJCWNvbnN0IHVuc2lnbmVkIGNoYXIgKipp biwgbG9uZyBsZW4sIGNvbnN0IEFTTjFfVEVNUExBVEUgKnR0KQpJbmRleDogY3J5cHRvL29w ZW5zc2wvY3J5cHRvL2VjL2VjX2FzbjEuYwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBjcnlwdG8vb3Bl bnNzbC9jcnlwdG8vZWMvZWNfYXNuMS5jCShyZXZpc2lvbiAyODAyNzIpCisrKyBjcnlwdG8v b3BlbnNzbC9jcnlwdG8vZWMvZWNfYXNuMS5jCSh3b3JraW5nIGNvcHkpCkBAIC0xMTI2LDgg KzExMjYsNiBAQCBFQ19LRVkgKmQyaV9FQ1ByaXZhdGVLZXkoRUNfS0VZICoqYSwgY29uc3Qg dW5zaWduZQogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgRVJSX1JfTUFMTE9D X0ZBSUxVUkUpOwogCQkJZ290byBlcnI7CiAJCQl9Ci0JCWlmIChhKQotCQkJKmEgPSByZXQ7 CiAJCX0KIAllbHNlCiAJCXJldCA9ICphOwpAQCAtMTE5MiwxMSArMTE5MCwxMyBAQCBFQ19L RVkgKmQyaV9FQ1ByaXZhdGVLZXkoRUNfS0VZICoqYSwgY29uc3QgdW5zaWduZQogCQkJfQog CQl9CiAKKwlpZiAoYSkKKwkJKmEgPSByZXQ7CiAJb2sgPSAxOwogZXJyOgogCWlmICghb2sp CiAJCXsKLQkJaWYgKHJldCkKKwkJaWYgKHJldCAmJiAoYSA9PSBOVUxMIHx8ICphICE9IHJl dCkpCiAJCQlFQ19LRVlfZnJlZShyZXQpOwogCQlyZXQgPSBOVUxMOwogCQl9CkluZGV4OiBj cnlwdG8vb3BlbnNzbC9jcnlwdG8veDUwOS94NTA5X3JlcS5jCj09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0t IGNyeXB0by9vcGVuc3NsL2NyeXB0by94NTA5L3g1MDlfcmVxLmMJKHJldmlzaW9uIDI4MDI3 MikKKysrIGNyeXB0by9vcGVuc3NsL2NyeXB0by94NTA5L3g1MDlfcmVxLmMJKHdvcmtpbmcg Y29weSkKQEAgLTkxLDYgKzkxLDggQEAgWDUwOV9SRVEgKlg1MDlfdG9fWDUwOV9SRVEoWDUw OSAqeCwgRVZQX1BLRVkgKnBrZXkKIAkJZ290byBlcnI7CiAKIAlwa3RtcCA9IFg1MDlfZ2V0 X3B1YmtleSh4KTsKKwlpZiAocGt0bXAgPT0gTlVMTCkKKwkJZ290byBlcnI7CiAJaT1YNTA5 X1JFUV9zZXRfcHVia2V5KHJldCxwa3RtcCk7CiAJRVZQX1BLRVlfZnJlZShwa3RtcCk7CiAJ aWYgKCFpKSBnb3RvIGVycjsK --------------010900000507010806080301--