From: Gordon Tetlow Date: Sat, 9 Dec 2017 03:45:23 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r326723 - in releng: 10.3 10.3/crypto/openssl/ssl 10.3/sys/conf 10.4 10.4/crypto/openssl/ssl 10.4/sys/conf X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng: 10.3 10.3/crypto/openssl/ssl 10.3/sys/conf 10.4 10.4/crypto/openssl/ssl 10.4/sys/conf X-SVN-Commit-Revision: 326723 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Dec 2017 03:45:25 -0000 Author: gordon Date: Sat Dec 9 03:45:23 2017 New Revision: 326723 URL: https://svnweb.freebsd.org/changeset/base/326723 Log: Fix error state handling Approved by: so Security: CVE-2017-3737 Security: FreeBSD-SA-17:12.openssl Modified: releng/10.3/UPDATING releng/10.3/crypto/openssl/ssl/ssl.h releng/10.3/sys/conf/newvers.sh releng/10.4/UPDATING releng/10.4/crypto/openssl/ssl/ssl.h releng/10.4/sys/conf/newvers.sh Modified: releng/10.3/UPDATING ============================================================================== --- releng/10.3/UPDATING Sat Dec 9 03:44:26 2017 (r326722) +++ releng/10.3/UPDATING Sat Dec 9 03:45:23 2017 (r326723) @@ -1,5 +1,5 @@ Updating Information for FreeBSD current users - +2 This file is maintained and copyrighted by M. Warner Losh . See end of file for further details. For commonly done items, please see the COMMON ITEMS: section later in the file. These instructions assume that you 
@@ -15,6 +15,10 @@ NOTE: FreeBSD has switched from gcc to clang. If you h from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. + +20171209 p26 FreeBSD-SA-17:12.openssl + + Fix OpenSSL error state vulnerability. 20171129 p25 FreeBSD-SA-17:11.openssl Modified: releng/10.3/crypto/openssl/ssl/ssl.h ============================================================================== --- releng/10.3/crypto/openssl/ssl/ssl.h Sat Dec 9 03:44:26 2017 (r326722) +++ releng/10.3/crypto/openssl/ssl/ssl.h Sat Dec 9 03:45:23 2017 (r326723) @@ -1544,7 +1544,7 @@ extern "C" { # define SSL_ST_BEFORE 0x4000 # define SSL_ST_OK 0x03 # define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) -# define SSL_ST_ERR 0x05 +# define SSL_ST_ERR (0x05|SSL_ST_INIT) # define SSL_CB_LOOP 0x01 # define SSL_CB_EXIT 0x02 Modified: releng/10.3/sys/conf/newvers.sh ============================================================================== --- releng/10.3/sys/conf/newvers.sh Sat Dec 9 03:44:26 2017 (r326722) +++ releng/10.3/sys/conf/newvers.sh Sat Dec 9 03:45:23 2017 (r326723) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.3" -BRANCH="RELEASE-p25" +BRANCH="RELEASE-p26" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/10.4/UPDATING ============================================================================== --- releng/10.4/UPDATING Sat Dec 9 03:44:26 2017 (r326722) +++ releng/10.4/UPDATING Sat Dec 9 03:45:23 2017 (r326723) 
@@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITHOUT_CLANG to b stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20171209 p5 FreeBSD-SA-17:12.openssl + + Fix OpenSSL error state vulnerability. + 20171129 p4 FreeBSD-SA-17:11.openssl Fix OpenSSL out-of-bounds read vulnerability. Modified: releng/10.4/crypto/openssl/ssl/ssl.h ============================================================================== --- releng/10.4/crypto/openssl/ssl/ssl.h Sat Dec 9 03:44:26 2017 (r326722) +++ releng/10.4/crypto/openssl/ssl/ssl.h Sat Dec 9 03:45:23 2017 (r326723) @@ -1544,7 +1544,7 @@ extern "C" { # define SSL_ST_BEFORE 0x4000 # define SSL_ST_OK 0x03 # define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) -# define SSL_ST_ERR 0x05 +# define SSL_ST_ERR (0x05|SSL_ST_INIT) # define SSL_CB_LOOP 0x01 # define SSL_CB_EXIT 0x02 Modified: releng/10.4/sys/conf/newvers.sh ============================================================================== --- releng/10.4/sys/conf/newvers.sh Sat Dec 9 03:44:26 2017 (r326722) +++ releng/10.4/sys/conf/newvers.sh Sat Dec 9 03:45:23 2017 (r326723) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.4" -BRANCH="RELEASE-p4" +BRANCH="RELEASE-p5" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi
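Review bot: the first hunk of releng/10.3/UPDATING (@@ -1,5 +1,5 @@) replaces the blank second line of the file with a line containing only "2". That looks like a stray keystroke rather than part of the advisory, and releng/10.4/UPDATING has no matching hunk. Please restore the blank line so the file header is unchanged.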
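Review bot: in the releng/10.3 ssl.h hunk at line 1544 (and identically in releng/10.4), the new "# define SSL_ST_ERR (0x05|SSL_ST_INIT)" has no comment saying why the error state now carries the SSL_ST_INIT bit, and the log message "Fix error state handling" does not say either. A short comment above the define, naming the state checks that are meant to treat SSL_ST_ERR as an in-handshake state, would keep a later cleanup from reverting it to a bare 0x05. The form itself matches SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) on the line above, so the style is consistent.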
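Review bot: the new entry in releng/10.4/UPDATING (same wording in the releng/10.3 entry) reads only "Fix OpenSSL error state vulnerability." and gives the reader no post-update action. The only OpenSSL source file in the Modified list is ssl/ssl.h, and the change there is the numeric value of SSL_ST_ERR, so any object compiled against the old header still carries 0x05. Consider adding a sentence to the entry saying what has to be rebuilt and restarted, and naming CVE-2017-3737 from the log so the entry can be matched to the advisory.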