From owner-svn-ports-all@FreeBSD.ORG Thu Jun 5 17:55:39 2014 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B25438F5; Thu, 5 Jun 2014 17:55:39 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 851082860; Thu, 5 Jun 2014 17:55:39 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s55Htd21092969; Thu, 5 Jun 2014 17:55:39 GMT (envelope-from bdrewery@svn.freebsd.org) Received: (from bdrewery@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s55HtdZP092967; Thu, 5 Jun 2014 17:55:39 GMT (envelope-from bdrewery@svn.freebsd.org) Message-Id: <201406051755.s55HtdZP092967@svn.freebsd.org> From: Bryan Drewery Date: Thu, 5 Jun 2014 17:55:39 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r356657 - in branches/2014Q2/security/openssl: . files X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jun 2014 17:55:39 -0000 Author: bdrewery Date: Thu Jun 5 17:55:38 2014 New Revision: 356657 URL: http://svnweb.freebsd.org/changeset/ports/356657 QAT: https://qat.redports.org/buildarchive/r356657/ Log: MFH: r352928 - Security patch Security: CVE-2014-0198 Security: http://seclists.org/oss-sec/2014/q2/232 Security: https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321 Obtained from: OpenBSD Modified: branches/2014Q2/security/openssl/Makefile branches/2014Q2/security/openssl/files/patch-ssl-s3_pkt.c Directory Properties: branches/2014Q2/ (props changed) Modified: branches/2014Q2/security/openssl/Makefile ============================================================================== --- branches/2014Q2/security/openssl/Makefile Thu Jun 5 17:54:33 2014 (r356656) +++ branches/2014Q2/security/openssl/Makefile Thu Jun 5 17:55:38 2014 (r356657) @@ -4,7 +4,7 @@ PORTNAME= openssl PORTVERSION= 1.0.1 DISTVERSIONSUFFIX= g -PORTREVISION= 11 +PORTREVISION= 12 CATEGORIES= security devel MASTER_SITES= http://www.openssl.org/%SUBDIR%/ \ ftp://ftp.openssl.org/%SUBDIR%/ \ Modified: branches/2014Q2/security/openssl/files/patch-ssl-s3_pkt.c ============================================================================== --- branches/2014Q2/security/openssl/files/patch-ssl-s3_pkt.c Thu Jun 5 17:54:33 2014 (r356656) +++ branches/2014Q2/security/openssl/files/patch-ssl-s3_pkt.c Thu Jun 5 17:55:38 2014 (r356657) @@ -1,13 +1,22 @@ -Index: crypto/openssl/ssl/s3_pkt.c -=================================================================== ---- ssl/s3_pkt.c (revision 264309) -+++ ssl/s3_pkt.c (working copy) -@@ -1055,7 +1055,7 @@ start: - { - s->rstate=SSL_ST_READ_HEADER; - rr->off=0; +--- ssl/s3_pkt.c.orig 2014-03-17 17:14:20.000000000 +0100 ++++ ssl/s3_pkt.c 2014-05-03 18:07:28.000000000 +0200 +@@ -657,6 +657,10 @@ + if (i <= 0) + return(i); + /* if it went, fall through and send more stuff */ ++ /* we may have released our buffer, so get it again */ ++ if (wb->buf == NULL) ++ if (!ssl3_setup_write_buffer(s)) ++ return -1; + } + + if (len == 0 && !create_empty_fragment) +@@ -1055,7 +1059,7 @@ + { + s->rstate=SSL_ST_READ_HEADER; + rr->off=0; - if (s->mode & SSL_MODE_RELEASE_BUFFERS) + if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0) - ssl3_release_read_buffer(s); - } - } + ssl3_release_read_buffer(s); + } + }