From owner-svn-ports-all@FreeBSD.ORG  Mon Apr 14 04:18:55 2014
Return-Path: <owner-svn-ports-all@FreeBSD.ORG>
Delivered-To: svn-ports-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 72840689;
 Mon, 14 Apr 2014 04:18:55 +0000 (UTC)
Received: from smtp-out-05.shaw.ca (smtp-out-05.shaw.ca [64.59.134.13])
 by mx1.freebsd.org (Postfix) with ESMTP id CD76B1B01;
 Mon, 14 Apr 2014 04:18:51 +0000 (UTC)
X-Cloudmark-SP-Filtered: true
X-Cloudmark-SP-Result: v=1.1 cv=dwjLhcNAn+N65iW9oApC92yF2BXVJAhWBlCn9pRWT9g=
 c=1 sm=1
 a=RZIhvJRQr5YA:10 a=QrugwKR0C_UA:10 a=wAGQQ9Az6v0A:10 a=BLceEmwcHowA:10
 a=ICAaq7hcmGcA:10 a=kj9zAlcOel0A:10 a=IbtKDeXwb2+SRU442/pi3A==:17
 a=6I5d2MoRAAAA:8 a=KC9ug_Y4AAAA:8 a=Ntg_Zx-WAAAA:8 a=OxEAv6DlAAAA:8
 a=3tcz3bTJAAAA:8 a=BWvPGDcYAAAA:8 a=Do8u5DZW7Bk3G5uXY88A:9
 a=CjuIK1q_8ugA:10 a=OrBpBuw_MJkA:10 a=V7tsTZBp22UA:10 a=SV7veod9ZcQA:10
 a=HpAAvcLHHh0Zw7uRqdWCyQ==:117
Received: from unknown (HELO spqr.komquats.com) ([96.50.7.119])
 by smtp-out-05.shaw.ca with ESMTP; 13 Apr 2014 22:18:44 -0600
Received: from slippy.cwsent.com (slippy [10.1.1.91])
 by spqr.komquats.com (Postfix) with ESMTP id B6EA69BE7;
 Sun, 13 Apr 2014 21:18:43 -0700 (PDT)
Received: from slippy.cwsent.com (localhost [127.0.0.1])
 by slippy.cwsent.com (8.14.8/8.14.8) with ESMTP id s3E4IhVY016241;
 Sun, 13 Apr 2014 21:18:43 -0700 (PDT)
 (envelope-from Cy.Schubert@komquats.com)
Received: from slippy (cy@localhost)
 by slippy.cwsent.com (8.14.8/8.13.1/Submit) with ESMTP id s3E4Ihdp016237;
 Sun, 13 Apr 2014 21:18:43 -0700 (PDT)
 (envelope-from Cy.Schubert@komquats.com)
Message-Id: <201404140418.s3E4Ihdp016237@slippy.cwsent.com>
X-Authentication-Warning: slippy.cwsent.com: cy owned process doing -bs
X-Mailer: exmh version 2.8.0 04/21/2012 with nmh-1.5
From: Cy Schubert <Cy.Schubert@komquats.com>
X-os: FreeBSD
X-Sender: cy@cwsent.com
X-URL: http://www.komquats.com/
To: Dirk Meyer <dinoex@FreeBSD.org>, so@freebsd.org, benl@freebsd.org
Subject: Re: svn commit: r351191 - in head/security/openssl: . files
In-Reply-To: Message from Dirk Meyer <dinoex@FreeBSD.org> of "Sun,
 13 Apr 2014 08:40:14 -0000." <201404130840.s3D8eE1X031490@svn.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sun, 13 Apr 2014 21:18:43 -0700
Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org,
 Gleb Smirnoff <glebius@FreeBSD.org>, ports-committers@freebsd.org
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: Cy Schubert <Cy.Schubert@komquats.com>
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 14 Apr 2014 04:18:55 -0000

In message <201404130840.s3D8eE1X031490@svn.freebsd.org>, Dirk Meyer writes:
> Author: dinoex
> Date: Sun Apr 13 08:40:13 2014
> New Revision: 351191
> URL: http://svnweb.freebsd.org/changeset/ports/351191
> QAT: https://qat.redports.org/buildarchive/r351191/
> 
> Log:
>   - fix a 4 year old "use-after-free" problem
>   https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
>   http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse
>   http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/008_openssl.patch
>   Obtained from:	OpenBSD
> 
> Added:
>   head/security/openssl/files/patch-ssl-s3_pkt.c   (contents, props changed)
> Modified:
>   head/security/openssl/Makefile
> 
> Modified: head/security/openssl/Makefile
> =============================================================================
> =
> --- head/security/openssl/Makefile	Sun Apr 13 08:34:32 2014	(r35119
> 0)
> +++ head/security/openssl/Makefile	Sun Apr 13 08:40:13 2014	(r35119
> 1)
> @@ -4,7 +4,7 @@
>  PORTNAME=	openssl
>  PORTVERSION=	1.0.1
>  DISTVERSIONSUFFIX=	g
> -PORTREVISION=	10
> +PORTREVISION=	11
>  CATEGORIES=	security devel
>  MASTER_SITES=	http://www.openssl.org/%SUBDIR%/ \
>  		ftp://ftp.openssl.org/%SUBDIR%/ \
> 
> Added: head/security/openssl/files/patch-ssl-s3_pkt.c
> =============================================================================
> =
> --- /dev/null	00:00:00 1970	(empty, because file is newly added)
> +++ head/security/openssl/files/patch-ssl-s3_pkt.c	Sun Apr 13 08:40:13 201
> 4	(r351191)
> @@ -0,0 +1,13 @@
> +Index: crypto/openssl/ssl/s3_pkt.c
> +===================================================================
> +--- ssl/s3_pkt.c	(revision 264309)
> ++++ ssl/s3_pkt.c	(working copy)
> +@@ -1055,7 +1055,7 @@ start:
> +				{
> +				s->rstate=SSL_ST_READ_HEADER;
> +				rr->off=0;
> +-				if (s->mode & SSL_MODE_RELEASE_BUFFERS)
> ++				if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3
> ->rbuf.left == 0)
> +					ssl3_release_read_buffer(s);
> +				}
> +			}
> 
> 

I don't see this in base. Would this not be a good candidate for openssl in 
base?


-- 
Cheers,
Cy Schubert <Cy.Schubert@komquats.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.