From owner-svn-ports-all@FreeBSD.ORG Sat May 3 16:36:43 2014 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 452F4675; Sat, 3 May 2014 16:36:43 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 17DFC1C4A; Sat, 3 May 2014 16:36:43 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s43GagoF049215; Sat, 3 May 2014 16:36:42 GMT (envelope-from dinoex@svn.freebsd.org) Received: (from dinoex@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s43GagHb049213; Sat, 3 May 2014 16:36:42 GMT (envelope-from dinoex@svn.freebsd.org) Message-Id: <201405031636.s43GagHb049213@svn.freebsd.org> From: Dirk Meyer Date: Sat, 3 May 2014 16:36:42 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r352928 - in head/security/openssl: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 May 2014 16:36:43 -0000 Author: dinoex Date: Sat May 3 16:36:42 2014 New Revision: 352928 URL: http://svnweb.freebsd.org/changeset/ports/352928 QAT: https://qat.redports.org/buildarchive/r352928/ Log: - Security patch Security: CVE-2014-0198 Security: http://seclists.org/oss-sec/2014/q2/232 Security: https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321 Obtained from: OpenBSD Modified: head/security/openssl/Makefile head/security/openssl/files/patch-ssl-s3_pkt.c Modified: head/security/openssl/Makefile ============================================================================== --- head/security/openssl/Makefile Sat May 3 16:24:01 2014 (r352927) +++ head/security/openssl/Makefile Sat May 3 16:36:42 2014 (r352928) @@ -4,7 +4,7 @@ PORTNAME= openssl PORTVERSION= 1.0.1 DISTVERSIONSUFFIX= g -PORTREVISION= 11 +PORTREVISION= 12 CATEGORIES= security devel MASTER_SITES= http://www.openssl.org/%SUBDIR%/ \ ftp://ftp.openssl.org/%SUBDIR%/ \ Modified: head/security/openssl/files/patch-ssl-s3_pkt.c ============================================================================== --- head/security/openssl/files/patch-ssl-s3_pkt.c Sat May 3 16:24:01 2014 (r352927) +++ head/security/openssl/files/patch-ssl-s3_pkt.c Sat May 3 16:36:42 2014 (r352928) @@ -1,13 +1,22 @@ -Index: crypto/openssl/ssl/s3_pkt.c -=================================================================== ---- ssl/s3_pkt.c (revision 264309) -+++ ssl/s3_pkt.c (working copy) -@@ -1055,7 +1055,7 @@ start: - { - s->rstate=SSL_ST_READ_HEADER; - rr->off=0; +--- ssl/s3_pkt.c.orig 2014-03-17 17:14:20.000000000 +0100 ++++ ssl/s3_pkt.c 2014-05-03 18:07:28.000000000 +0200 +@@ -657,6 +657,10 @@ + if (i <= 0) + return(i); + /* if it went, fall through and send more stuff */ ++ /* we may have released our buffer, so get it again */ ++ if (wb->buf == NULL) ++ if (!ssl3_setup_write_buffer(s)) ++ return -1; + } + + if (len == 0 && !create_empty_fragment) +@@ -1055,7 +1059,7 @@ + { + s->rstate=SSL_ST_READ_HEADER; + rr->off=0; - if (s->mode & SSL_MODE_RELEASE_BUFFERS) + if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0) - ssl3_release_read_buffer(s); - } - } + ssl3_release_read_buffer(s); + } + }