Date: Sat, 9 Dec 2017 03:45:23 +0000 (UTC) From: Gordon Tetlow <gordon@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r326723 - in releng: 10.3 10.3/crypto/openssl/ssl 10.3/sys/conf 10.4 10.4/crypto/openssl/ssl 10.4/sys/conf Message-ID: <201712090345.vB93jNQR092564@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: gordon Date: Sat Dec 9 03:45:23 2017 New Revision: 326723 URL: https://svnweb.freebsd.org/changeset/base/326723 Log: Fix error state handling Approved by: so Security: CVE-2017-3737 Security: FreeBSD-SA-17:12.openssl Modified: releng/10.3/UPDATING releng/10.3/crypto/openssl/ssl/ssl.h releng/10.3/sys/conf/newvers.sh releng/10.4/UPDATING releng/10.4/crypto/openssl/ssl/ssl.h releng/10.4/sys/conf/newvers.sh Modified: releng/10.3/UPDATING ============================================================================== --- releng/10.3/UPDATING Sat Dec 9 03:44:26 2017 (r326722) +++ releng/10.3/UPDATING Sat Dec 9 03:45:23 2017 (r326723) @@ -1,5 +1,5 @@ Updating Information for FreeBSD current users - +2 This file is maintained and copyrighted by M. Warner Losh <imp@freebsd.org>. See end of file for further details. For commonly done items, please see the COMMON ITEMS: section later in the file. These instructions assume that you @@ -15,6 +15,10 @@ NOTE: FreeBSD has switched from gcc to clang. If you h from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. + +20171209 p26 FreeBSD-SA-17:12.openssl + + Fix OpenSSL error state vulnerability. 20171129 p25 FreeBSD-SA-17:11.openssl Modified: releng/10.3/crypto/openssl/ssl/ssl.h ============================================================================== --- releng/10.3/crypto/openssl/ssl/ssl.h Sat Dec 9 03:44:26 2017 (r326722) +++ releng/10.3/crypto/openssl/ssl/ssl.h Sat Dec 9 03:45:23 2017 (r326723) @@ -1544,7 +1544,7 @@ extern "C" { # define SSL_ST_BEFORE 0x4000 # define SSL_ST_OK 0x03 # define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) -# define SSL_ST_ERR 0x05 +# define SSL_ST_ERR (0x05|SSL_ST_INIT) # define SSL_CB_LOOP 0x01 # define SSL_CB_EXIT 0x02 Modified: releng/10.3/sys/conf/newvers.sh ============================================================================== --- releng/10.3/sys/conf/newvers.sh Sat Dec 9 03:44:26 2017 (r326722) +++ releng/10.3/sys/conf/newvers.sh Sat Dec 9 03:45:23 2017 (r326723) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.3" -BRANCH="RELEASE-p25" +BRANCH="RELEASE-p26" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/10.4/UPDATING ============================================================================== --- releng/10.4/UPDATING Sat Dec 9 03:44:26 2017 (r326722) +++ releng/10.4/UPDATING Sat Dec 9 03:45:23 2017 (r326723) @@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITHOUT_CLANG to b stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20171209 p5 FreeBSD-SA-17:12.openssl + + Fix OpenSSL error state vulnerability. + 20171129 p4 FreeBSD-SA-17:11.openssl Fix OpenSSL out-of-bounds read vulnerability. Modified: releng/10.4/crypto/openssl/ssl/ssl.h ============================================================================== --- releng/10.4/crypto/openssl/ssl/ssl.h Sat Dec 9 03:44:26 2017 (r326722) +++ releng/10.4/crypto/openssl/ssl/ssl.h Sat Dec 9 03:45:23 2017 (r326723) @@ -1544,7 +1544,7 @@ extern "C" { # define SSL_ST_BEFORE 0x4000 # define SSL_ST_OK 0x03 # define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) -# define SSL_ST_ERR 0x05 +# define SSL_ST_ERR (0x05|SSL_ST_INIT) # define SSL_CB_LOOP 0x01 # define SSL_CB_EXIT 0x02 Modified: releng/10.4/sys/conf/newvers.sh ============================================================================== --- releng/10.4/sys/conf/newvers.sh Sat Dec 9 03:44:26 2017 (r326722) +++ releng/10.4/sys/conf/newvers.sh Sat Dec 9 03:45:23 2017 (r326723) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.4" -BRANCH="RELEASE-p4" +BRANCH="RELEASE-p5" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201712090345.vB93jNQR092564>