From owner-svn-src-head@FreeBSD.ORG Tue Apr 8 20:55:20 2014 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E225BC3C for ; Tue, 8 Apr 2014 20:55:20 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C7DED13BC for ; Tue, 8 Apr 2014 20:55:20 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s38KtKad048222 for ; Tue, 8 Apr 2014 20:55:20 GMT (envelope-from bdrewery@freefall.freebsd.org) Received: (from bdrewery@localhost) by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s38KtKm8048216 for svn-src-head@freebsd.org; Tue, 8 Apr 2014 20:55:20 GMT (envelope-from bdrewery) Received: (qmail 2566 invoked from network); 8 Apr 2014 15:55:18 -0500 Received: from unknown (HELO roundcube.xk42.net) (10.10.5.5) by sweb.xzibition.com with SMTP; 8 Apr 2014 15:55:18 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Date: Tue, 08 Apr 2014 15:55:18 -0500 From: Bryan Drewery To: Xin LI Subject: Re: svn commit: r264265 - in head: crypto/openssl/crypto/bn crypto/openssl/crypto/ec crypto/openssl/ssl sys/fs/nfsserver Organization: FreeBSD In-Reply-To: <201404081827.s38IRXiL048987@svn.freebsd.org> References: <201404081827.s38IRXiL048987@svn.freebsd.org> Message-ID: X-Sender: bdrewery@FreeBSD.org User-Agent: Roundcube Webmail/0.9.5 Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, secteam@FreeBSD.org X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Apr 2014 20:55:20 -0000 On 2014-04-08 13:27, Xin LI wrote: > Author: delphij > Date: Tue Apr 8 18:27:32 2014 > New Revision: 264265 > URL: http://svnweb.freebsd.org/changeset/base/264265 > > Log: > Fix NFS deadlock vulnerability. [SA-14:05] > > Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel > Attack in OpenSSL. [SA-14:06] > > Modified: > head/crypto/openssl/crypto/bn/bn.h > head/crypto/openssl/crypto/bn/bn_lib.c > head/crypto/openssl/crypto/ec/ec2_mult.c > head/crypto/openssl/ssl/d1_both.c > head/crypto/openssl/ssl/t1_lib.c > head/sys/fs/nfsserver/nfs_nfsdserv.c > __FreeBSD_version is needed too. Also, that this was a partial release of 1.0.1g is confusing a LOT of users. They think they are still vulnerable. They expect to see 1.0.1g in 'openssl version'. We could have our own version string in 'openssl version' to remedy this. -- Regards, Bryan Drewery