Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 28 May 2024 16:49:19 GMT
From:      Bernard Spil <brnrd@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 6ace8008e56f - main - security/openssl33: Security update for CVE-2024-4741
Message-ID:  <202405281649.44SGnJJj075228@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch main has been updated by brnrd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6ace8008e56ffd41133206478ef6926e9d509735

commit 6ace8008e56ffd41133206478ef6926e9d509735
Author:     Bernard Spil <brnrd@FreeBSD.org>
AuthorDate: 2024-05-28 16:49:06 +0000
Commit:     Bernard Spil <brnrd@FreeBSD.org>
CommitDate: 2024-05-28 16:49:06 +0000

    security/openssl33: Security update for CVE-2024-4741
    
    Security:       73a697d7-1d0f-11ef-a490-84a93843eb75
    MFH:            2024Q2
---
 security/openssl33/Makefile                  |  2 +-
 security/openssl33/files/patch-CVE-2024-4741 | 36 ++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/security/openssl33/Makefile b/security/openssl33/Makefile
index 15a1cb76763b..093c21e2fbe5 100644
--- a/security/openssl33/Makefile
+++ b/security/openssl33/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	openssl
 DISTVERSION=	3.3.0
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	security devel
 MASTER_SITES=	https://www.openssl.org/source/ \
 		ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/
diff --git a/security/openssl33/files/patch-CVE-2024-4741 b/security/openssl33/files/patch-CVE-2024-4741
new file mode 100644
index 000000000000..47e857a9bafd
--- /dev/null
+++ b/security/openssl33/files/patch-CVE-2024-4741
@@ -0,0 +1,36 @@
+From e5093133c35ca82874ad83697af76f4b0f7e3bd8 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 23 Apr 2024 16:34:46 +0100
+Subject: [PATCH] Only free the read buffers if we're not using them
+
+If we're part way through processing a record, or the application has
+not released all the records then we should not free our buffer because
+they are still needed.
+
+CVE-2024-4741
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Neil Horman <nhorman@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/24395)
+
+(cherry picked from commit 38690cab18de88198f46478565fab423cf534efa)
+---
+ ssl/record/methods/tls_common.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
+index b7481c071f746..01cf3012b8c2c 100644
+--- ssl/record/methods/tls_common.c.orig
++++ ssl/record/methods/tls_common.c
+@@ -2124,7 +2124,10 @@ int tls_free_buffers(OSSL_RECORD_LAYER *rl)
+     /* Read direction */
+ 
+     /* If we have pending data to be read then fail */
+-    if (rl->curr_rec < rl->num_recs || TLS_BUFFER_get_left(&rl->rbuf) != 0)
++    if (rl->curr_rec < rl->num_recs
++            || rl->curr_rec != rl->num_released
++            || TLS_BUFFER_get_left(&rl->rbuf) != 0
++            || rl->rstate == SSL_ST_READ_BODY)
+         return 0;
+ 
+     return tls_release_read_buffer(rl);



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202405281649.44SGnJJj075228>