Date: Sat, 29 Apr 2017 17:32:15 +0000 (UTC) From: Bernard Spil <brnrd@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r439764 - in head/security/libressl-devel: . files Message-ID: <201704291732.v3THWFKO065849@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: brnrd Date: Sat Apr 29 17:32:15 2017 New Revision: 439764 URL: https://svnweb.freebsd.org/changeset/ports/439764 Log: security/libressl: Fix vulnerability Obtained from: OpenBSD MFH: 2017Q2 Security: 24673ed7-2bf3-11e7-b291-b499baebfeaf Security: CVE-2017-8301 Added: head/security/libressl-devel/files/patch-CVE-2017-8301 - copied unchanged from r439762, head/security/libressl/files/patch-CVE-2017-8301 Modified: head/security/libressl-devel/Makefile Modified: head/security/libressl-devel/Makefile ============================================================================== --- head/security/libressl-devel/Makefile Sat Apr 29 17:29:01 2017 (r439763) +++ head/security/libressl-devel/Makefile Sat Apr 29 17:32:15 2017 (r439764) @@ -3,6 +3,7 @@ PORTNAME= libressl PORTVERSION= 2.5.3 +PORTREVISION= 1 CATEGORIES= security devel MASTER_SITES= OPENBSD/LibreSSL PKGNAMESUFFIX= -devel Copied: head/security/libressl-devel/files/patch-CVE-2017-8301 (from r439762, head/security/libressl/files/patch-CVE-2017-8301) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/libressl-devel/files/patch-CVE-2017-8301 Sat Apr 29 17:32:15 2017 (r439764, copy of r439762, head/security/libressl/files/patch-CVE-2017-8301) @@ -0,0 +1,32 @@ +https://marc.info/?l=openbsd-cvs&m=149342064612660 + +=================================================================== +RCS file: /cvs/src/lib/libcrypto/x509/x509_vfy.c,v +retrieving revision 1.61 +retrieving revision 1.61.4.1 +diff -u -r1.61 -r1.61.4.1 +--- crypto/x509/x509_vfy.c 2017/02/05 02:33:21 1.61 ++++ crypto/x509/x509_vfy.c 2017/04/28 23:12:04 1.61.4.1 +@@ -1,4 +1,4 @@ +-/* $OpenBSD: x509_vfy.c,v 1.61 2017/02/05 02:33:21 beck Exp $ */ ++/* $OpenBSD: x509_vfy.c,v 1.61.4.1 2017/04/28 23:12:04 beck Exp $ */ + /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * +@@ -541,15 +541,7 @@ + /* Safety net, error returns must set ctx->error */ + if (ok <= 0 && ctx->error == X509_V_OK) + ctx->error = X509_V_ERR_UNSPECIFIED; +- +- /* +- * Safety net, if user provided verify callback indicates sucess +- * make sure they have set error to X509_V_OK +- */ +- if (ctx->verify_cb != null_callback && ok == 1) +- ctx->error = X509_V_OK; +- +- return(ctx->error == X509_V_OK); ++ return ok; + } + + /* Given a STACK_OF(X509) find the issuer of cert (if any)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201704291732.v3THWFKO065849>