From owner-freebsd-bugs@FreeBSD.ORG Fri Jan 16 00:47:30 2015 Return-Path: Delivered-To: freebsd-bugs@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D8116C6A for ; Fri, 16 Jan 2015 00:47:30 +0000 (UTC) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A4943A75 for ; Fri, 16 Jan 2015 00:47:30 +0000 (UTC) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id t0G0lUEw073333 for ; Fri, 16 Jan 2015 00:47:30 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 191799] [patch] openssl - fix regression from CVE-2014-0224 - "ccs received early" Date: Fri, 16 Jan 2015 00:47:30 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: bin X-Bugzilla-Version: 8.4-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Many People X-Bugzilla-Who: andrew.daugherity@gmail.com X-Bugzilla-Status: New X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-bugs@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Jan 2015 00:47:30 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191799 --- Comment #1 from Andrew Daugherity --- Pasting in lost comments from the mailing list archives. It seems I do not have permissions to add the people to CC that Xin LI did in #2, so if someone can redo that, it would be appreciated. FYI I browsed the openssl patch that just dropped (FreeBSD-SA-15:01.openssl) and it appears to be unrelated to this issue (aside from making me buildworld yet again). ======== --- Comment #1 from Andrew Daugherity --- This bug still needs attention -- I have to rebuild libssl locally (with this patch) after each openssl advisory. For releng/10.1 it was fixed with the import of openssl 1.0.1i in r269686. It has not been fixed for releng/10.0, 9.3, or 8.4 (or 9.1/9.2, but those have fallen out of support). Can someone please add the 'patch' and 'regression' keywords (or whatever is appropriate -- I apparently can't set them myself) so the appropriate people see it and the patch can be reviewed/committed? Thanks! Xin LI changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |benl at FreeBSD.org, | |delphij at FreeBSD.org, | |jkim at FreeBSD.org --- Comment #2 from Xin LI --- (In reply to Andrew Daugherity from comment #1) The change was superseded later by commit e94a6c0 [1] which looks like needs to be ported, too? Adding OpenSSL maintainers for their opinion as well. [1] https://github.com/openssl/openssl/commit/e94a6c0ede623960728415b68650a595e48f5a43 --- Comment #3 from Andrew Daugherity --- (In reply to Xin LI from comment #2) Interestingly, that fix was not committed to the upstream OpenSSL_0_9_8-stable branch. No idea if that's an oversight or intentional. If it was correctly omitted, then only FreeBSD 10.x would need the extra fix, as 8.x and 9.x track 0.9.8 and would only need the original one-line patch. ======== -- You are receiving this mail because: You are the assignee for the bug.