From nobody Mon Aug 12 18:44:14 2024 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WjNht4nWgz5St9R; Mon, 12 Aug 2024 18:44:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WjNht4bN2z4Fw7; Mon, 12 Aug 2024 18:44:14 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723488254; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=mcMysGZ40yjG8ezgFwPShBwCyqCQPQuX6kihD09nqQo=; b=mC1YIy2pPJH7q04cLg6laTTtMjkcmiLfQBt7mV03NmUx3KI0tdu+YuRINsk81kKRn4hSTP csrhhLIj20hEQ9UTct1EjxTpKMfbKLWltnyThud2H7RV0eXzJvj2RPVYSkrVgjWIew4K7A V0SCMpBHbhskZJNcq/1HF0FdSS9actrJtmbE/6UvMWxGuHzKbcsjUTG++pvNPQnI8Gz4jD o4kjKrfWfdIWd4Qfh6d91T6cI+1MVONEJ8sLaHKwYUNcLnO0CGCS4qZUNCtccnX658c3XS 85w4yNm3lgxxyfpRCu2Z9M/yS2tcNXAxx3VhYTj2X2ofhoYppjgy98rtu/iVTg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1723488254; a=rsa-sha256; cv=none; b=yWR/SgVt3n4PCTHkBTdWEGxbdGz0xTetzQckvxZ0OLUpNX+xxtvRXLuaEyHap5Tu6bWnN5 ciIOR/R5x7flvm4sfENmgoexqw+oX6Ks1y0Yo9NpRWy9GiL0Uxai2hVZkG2iK2wJztcX3K g+OdH9v2gEc3g/WWnXWR5UUDkvfhBTC/Mc5ruFSDTyCiZ9nXvXBPSutnY06azZIxt5rvmP VQKVAhlY1T5jpE/y361zO4dote5pGvo/DPvfrEo8q9wvIn9/1SvR/rLgHntxNw6GipTseG Ss2OtIMzWTHpe2vreM5IwwFYJaHo2cZGUXphlqXB2UgjUU1Tnrs4rP5dEY6lLA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1723488254; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=mcMysGZ40yjG8ezgFwPShBwCyqCQPQuX6kihD09nqQo=; b=tBBooCpBrBZLbjdhdNgJkefduBJQFD2KY3BauTv4m1Hf+lzRO3B78tUqDWSHoBchAZxxEG mrkMsyNyws/57M9DPgNLn8Y4T8oXNdvbX/icTxuKZrB2cVzFhDrZa1GU0njvwHohs2gN+d Pc2FhfkUqk6vLiYjvXlXo1mY3kWcV1oDyHdRu2EfuXST3OAgs5Cv9jrU+Y438AYlMCALUi MGmJaH+zQTBEoo4GFjSG9Dez9jril+aaQ9hmqDujE1qEnV+KZjk25HqjJV4HjMvHTgc/Il NPtTt/kUgawzygzAi3Dnedt7al0WCkgEpYXTvRDdn5lckRjvgbB57elCXn+UlQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WjNht44ZPzf52; Mon, 12 Aug 2024 18:44:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 47CIiE6t031731; Mon, 12 Aug 2024 18:44:14 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 47CIiEmi031728; Mon, 12 Aug 2024 18:44:14 GMT (envelope-from git) Date: Mon, 12 Aug 2024 18:44:14 GMT Message-Id: <202408121844.47CIiEmi031728@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Bernard Spil Subject: git: 180f3dc55868 - main - security/openssl-quictls: Update to 3.0.14 List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-main@freebsd.org Sender: owner-dev-commits-ports-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: brnrd X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 180f3dc55868139dabc313b9bf636adc27a793cb Auto-Submitted: auto-generated The branch main has been updated by brnrd: URL: https://cgit.FreeBSD.org/ports/commit/?id=180f3dc55868139dabc313b9bf636adc27a793cb commit 180f3dc55868139dabc313b9bf636adc27a793cb Author: Bernard Spil AuthorDate: 2024-08-12 18:44:12 +0000 Commit: Bernard Spil CommitDate: 2024-08-12 18:44:12 +0000 security/openssl-quictls: Update to 3.0.14 --- security/openssl-quictls/Makefile | 5 +- security/openssl-quictls/distinfo | 6 +- security/openssl-quictls/files/patch-CVE-2024-2511 | 118 -------------- security/openssl-quictls/files/patch-CVE-2024-4603 | 172 --------------------- security/openssl-quictls/files/patch-CVE-2024-4741 | 69 --------- 5 files changed, 5 insertions(+), 365 deletions(-) diff --git a/security/openssl-quictls/Makefile b/security/openssl-quictls/Makefile index 05e01c264dce..7ab02c99125f 100644 --- a/security/openssl-quictls/Makefile +++ b/security/openssl-quictls/Makefile @@ -1,7 +1,6 @@ PORTNAME= openssl DISTVERSIONPREFIX= ${PORTNAME}- -DISTVERSION= 3.0.13 -PORTREVISION= 5 +DISTVERSION= 3.0.14 DISTVERSIONSUFFIX= -quic1 CATEGORIES= security devel PKGNAMESUFFIX= -${GH_ACCOUNT} @@ -153,7 +152,7 @@ PLIST_SUB+= OPENSSLDIR=${OPENSSLDIR:S=^${PREFIX}/==} post-patch: ${REINPLACE_CMD} -Ee 's|^(build\|install)_docs: .*|\1_docs: \1_man_docs|' \ ${WRKSRC}/Configurations/unix-Makefile.tmpl - ${REINPLACE_CMD} 's|SHLIB_VERSION=81.3|SHLIB_VERSION=${OPENSSL_SHLIBVER}|' \ + ${REINPLACE_CMD} 's|^SHLIB_VERSION=.*$$|SHLIB_VERSION=${OPENSSL_SHLIBVER}|' \ ${WRKSRC}/VERSION.dat post-configure: diff --git a/security/openssl-quictls/distinfo b/security/openssl-quictls/distinfo index 3e0091590cd6..64893209cc0d 100644 --- a/security/openssl-quictls/distinfo +++ b/security/openssl-quictls/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1706728750 -SHA256 (quictls-openssl-openssl-3.0.13-quic1_GH0.tar.gz) = ff99582682565d06e8b3b7763c66c107e9065b1c38e23a34c0e2f1f60e5bee6d -SIZE (quictls-openssl-openssl-3.0.13-quic1_GH0.tar.gz) = 15459972 +TIMESTAMP = 1723487569 +SHA256 (quictls-openssl-openssl-3.0.14-quic1_GH0.tar.gz) = 75b0d9425c914913840d376388d8d8e6105ec8a03a9c33ab56fc3ac0384003a2 +SIZE (quictls-openssl-openssl-3.0.14-quic1_GH0.tar.gz) = 15475729 diff --git a/security/openssl-quictls/files/patch-CVE-2024-2511 b/security/openssl-quictls/files/patch-CVE-2024-2511 deleted file mode 100644 index 168faba4a3ea..000000000000 --- a/security/openssl-quictls/files/patch-CVE-2024-2511 +++ /dev/null @@ -1,118 +0,0 @@ -From b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d Mon Sep 17 00:00:00 2001 -From: Matt Caswell -Date: Tue, 5 Mar 2024 15:43:53 +0000 -Subject: [PATCH] Fix unconstrained session cache growth in TLSv1.3 - -In TLSv1.3 we create a new session object for each ticket that we send. -We do this by duplicating the original session. If SSL_OP_NO_TICKET is in -use then the new session will be added to the session cache. However, if -early data is not in use (and therefore anti-replay protection is being -used), then multiple threads could be resuming from the same session -simultaneously. If this happens and a problem occurs on one of the threads, -then the original session object could be marked as not_resumable. When we -duplicate the session object this not_resumable status gets copied into the -new session object. The new session object is then added to the session -cache even though it is not_resumable. - -Subsequently, another bug means that the session_id_length is set to 0 for -sessions that are marked as not_resumable - even though that session is -still in the cache. Once this happens the session can never be removed from -the cache. When that object gets to be the session cache tail object the -cache never shrinks again and grows indefinitely. - -CVE-2024-2511 - -Reviewed-by: Neil Horman -Reviewed-by: Tomas Mraz -(Merged from https://github.com/openssl/openssl/pull/24044) - -(cherry picked from commit 7e4d731b1c07201ad9374c1cd9ac5263bdf35bce) ---- - ssl/ssl_lib.c | 5 +++-- - ssl/ssl_sess.c | 28 ++++++++++++++++++++++------ - ssl/statem/statem_srvr.c | 5 ++--- - 3 files changed, 27 insertions(+), 11 deletions(-) - -diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index 2c8479eb5fc69..eed649c6fdee9 100644 ---- ssl/ssl_lib.c{.orig} -+++ ssl/ssl_lib.c -@@ -3736,9 +3736,10 @@ void ssl_update_cache(SSL *s, int mode) - - /* - * If the session_id_length is 0, we are not supposed to cache it, and it -- * would be rather hard to do anyway :-) -+ * would be rather hard to do anyway :-). Also if the session has already -+ * been marked as not_resumable we should not cache it for later reuse. - */ -- if (s->session->session_id_length == 0) -+ if (s->session->session_id_length == 0 || s->session->not_resumable) - return; - - /* -diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c -index d836b33ed0e81..75adbd9e52b40 100644 ---- ssl/ssl_sess.c.orig -+++ ssl/ssl_sess.c -@@ -152,16 +152,11 @@ SSL_SESSION *SSL_SESSION_new(void) - return ss; - } - --SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src) --{ -- return ssl_session_dup(src, 1); --} -- - /* - * Create a new SSL_SESSION and duplicate the contents of |src| into it. If - * ticket == 0 then no ticket information is duplicated, otherwise it is. - */ --SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) -+static SSL_SESSION *ssl_session_dup_intern(const SSL_SESSION *src, int ticket) - { - SSL_SESSION *dest; - -@@ -285,6 +280,27 @@ SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) - return NULL; - } - -+SSL_SESSION *SSL_SESSION_dup(const SSL_SESSION *src) -+{ -+ return ssl_session_dup_intern(src, 1); -+} -+ -+/* -+ * Used internally when duplicating a session which might be already shared. -+ * We will have resumed the original session. Subsequently we might have marked -+ * it as non-resumable (e.g. in another thread) - but this copy should be ok to -+ * resume from. -+ */ -+SSL_SESSION *ssl_session_dup(const SSL_SESSION *src, int ticket) -+{ -+ SSL_SESSION *sess = ssl_session_dup_intern(src, ticket); -+ -+ if (sess != NULL) -+ sess->not_resumable = 0; -+ -+ return sess; -+} -+ - const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len) - { - if (len) -diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c -index a9e67f9d32a77..6c942e6bcec29 100644 ---- ssl/statem/statem_srvr.c.orig -+++ ssl/statem/statem_srvr.c -@@ -2338,9 +2338,8 @@ int tls_construct_server_hello(SSL *s, WPACKET *pkt) - * so the following won't overwrite an ID that we're supposed - * to send back. - */ -- if (s->session->not_resumable || -- (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) -- && !s->hit)) -+ if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER) -+ && !s->hit) - s->session->session_id_length = 0; - - if (usetls13) { diff --git a/security/openssl-quictls/files/patch-CVE-2024-4603 b/security/openssl-quictls/files/patch-CVE-2024-4603 deleted file mode 100644 index abe84a2a7c77..000000000000 --- a/security/openssl-quictls/files/patch-CVE-2024-4603 +++ /dev/null @@ -1,172 +0,0 @@ -From 3559e868e58005d15c6013a0c1fd832e51c73397 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz -Date: Wed, 8 May 2024 15:23:45 +0200 -Subject: [PATCH] Check DSA parameters for excessive sizes before validating - -This avoids overly long computation of various validation -checks. - -Fixes CVE-2024-4603 - -Reviewed-by: Paul Dale -Reviewed-by: Matt Caswell -Reviewed-by: Neil Horman -Reviewed-by: Shane Lontis -(Merged from https://github.com/openssl/openssl/pull/24346) - -(cherry picked from commit 85ccbab216da245cf9a6503dd327072f21950d9b) ---- - CHANGES.md | 17 ++++++ - crypto/dsa/dsa_check.c | 44 ++++++++++++-- - .../invalid/p10240_q256_too_big.pem | 57 +++++++++++++++++++ - 3 files changed, 114 insertions(+), 4 deletions(-) - create mode 100644 test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem - -diff --git a/crypto/dsa/dsa_check.c b/crypto/dsa/dsa_check.c -index fb0e9129a2956..122449a7bf087 100644 ---- crypto/dsa/dsa_check.c.orig -+++ crypto/dsa/dsa_check.c -@@ -19,8 +19,34 @@ - #include "dsa_local.h" - #include "crypto/dsa.h" - -+static int dsa_precheck_params(const DSA *dsa, int *ret) -+{ -+ if (dsa->params.p == NULL || dsa->params.q == NULL) { -+ ERR_raise(ERR_LIB_DSA, DSA_R_BAD_FFC_PARAMETERS); -+ *ret = FFC_CHECK_INVALID_PQ; -+ return 0; -+ } -+ -+ if (BN_num_bits(dsa->params.p) > OPENSSL_DSA_MAX_MODULUS_BITS) { -+ ERR_raise(ERR_LIB_DSA, DSA_R_MODULUS_TOO_LARGE); -+ *ret = FFC_CHECK_INVALID_PQ; -+ return 0; -+ } -+ -+ if (BN_num_bits(dsa->params.q) >= BN_num_bits(dsa->params.p)) { -+ ERR_raise(ERR_LIB_DSA, DSA_R_BAD_Q_VALUE); -+ *ret = FFC_CHECK_INVALID_PQ; -+ return 0; -+ } -+ -+ return 1; -+} -+ - int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret) - { -+ if (!dsa_precheck_params(dsa, ret)) -+ return 0; -+ - if (checktype == OSSL_KEYMGMT_VALIDATE_QUICK_CHECK) - return ossl_ffc_params_simple_validate(dsa->libctx, &dsa->params, - FFC_PARAM_TYPE_DSA, ret); -@@ -39,6 +65,9 @@ int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret) - */ - int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret) - { -+ if (!dsa_precheck_params(dsa, ret)) -+ return 0; -+ - return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret) - && *ret == 0; - } -@@ -50,6 +79,9 @@ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret) - */ - int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret) - { -+ if (!dsa_precheck_params(dsa, ret)) -+ return 0; -+ - return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret) - && *ret == 0; - } -@@ -58,8 +90,10 @@ int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret) - { - *ret = 0; - -- return (dsa->params.q != NULL -- && ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret)); -+ if (!dsa_precheck_params(dsa, ret)) -+ return 0; -+ -+ return ossl_ffc_validate_private_key(dsa->params.q, priv_key, ret); - } - - /* -@@ -72,8 +106,10 @@ int ossl_dsa_check_pairwise(const DSA *dsa) - BN_CTX *ctx = NULL; - BIGNUM *pub_key = NULL; - -- if (dsa->params.p == NULL -- || dsa->params.g == NULL -+ if (!dsa_precheck_params(dsa, &ret)) -+ return 0; -+ -+ if (dsa->params.g == NULL - || dsa->priv_key == NULL - || dsa->pub_key == NULL) - return 0; -diff --git a/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem b/test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem -new file mode 100644 -index 0000000000000..e85e2953b7a24 ---- /dev/null -+++ test/recipes/15-test_dsaparam_data/invalid/p10240_q256_too_big.pem -@@ -0,0 +1,57 @@ -+-----BEGIN DSA PARAMETERS----- -+MIIKLAKCBQEAym47LzPFZdbz16WvjczLKuzLtsP8yRk/exxL4bBthJhP1qOwctja -+p1586SF7gDxCMn7yWVEYdfRbFefGoq0gj1XOE917XqlbnkmZhMgxut2KbNJo/xil -+XNFUjGvKs3F413U9rAodC8f07cWHP1iTcWL+vPe6u2yilKWYYfnLWHQH+Z6aPrrF -+x/R08LI6DZ6nEsIo+hxaQnEtx+iqNTJC6Q1RIjWDqxQkFVTkJ0Y7miRDXmRdneWk -+oLrMZRpaXr5l5tSjEghh1pBgJcdyOv0lh4dlDy/alAiqE2Qlb667yHl6A9dDPlpW -+dAntpffy4LwOxfbuEhISvKjjQoBwIvYE4TBPqL0Q6bC6HgQ4+tqd9b44pQjdIQjb -+Xcjc6azheITSnPEex3OdKtKoQeRq01qCeLBpMXu1c+CTf4ApKArZvT3vZSg0hM1O -+pR71bRZrEEegDj0LH2HCgI5W6H3blOS9A0kUTddCoQXr2lsVdiPtRbPKH1gcd9FQ -+P8cGrvbakpTiC0dCczOMDaCteM1QNILlkM7ZoV6VghsKvDnFPxFsiIr5GgjasXP5 -+hhbn3g7sDoq1LiTEo+IKQY28pBWx7etSOSRuXW/spnvCkivZla7lSEGljoy9QlQ2 -+UZmsEQI9G3YyzgpxHvKZBK1CiZVTywdYKTZ4TYCxvqzhYhjv2bqbpjI12HRFLojB -+koyEmMSp53lldCzp158PrIanqSp2rksMR8SmmCL3FwfAp2OjqFMEglG9DT8x0WaN -+TLSkjGC6t2csMte7WyU1ekNoFDKfMjDSAz0+xIx21DEmZtYqFOg1DNPK1xYLS0pl -+RSMRRkJVN2mk/G7/1oxlB8Wb9wgi3GKUqqCYT11SnBjzq0NdoJ3E4GMedp5Lx3AZ -+4mFuRPUd4iV86tE0XDSHSFE7Y3ZkrOjD7Q/26/L53L/UH5z4HW6CHP5os7QERJjg -+c1S3x87wXWo9QXbB9b2xmf+c+aWwAAr1cviw38tru58jF3/IGyduj9H8claKQqBG -+cIOUF4aNe1hK2K3ArAOApUxr4KE+tCvrltRfiTmVFip0g9Jt1CPY3Zu7Bd4Z2ZkE -+DtSztpwa49HrWF5E9xpquvBL2U8jQ68E7Xd8Wp4orI/TIChriamBmdkgRz3H2LvN -+Ozb6+hsnEGrz3sp2RVAToSqA9ysa6nHZdfufPNtMEbQdO/k1ehmGRb0ljBRsO6b2 -+rsG2eYuC8tg8eCrIkua0TGRI7g6a4K32AJdzaX6NsISaaIW+OYJuoDSscvD3oOg8 -+PPEhU+zM7xJskTA+jxvPlikKx8V7MNHOCQECldJlUBwzJvqp40JvwfnDsF+8VYwd -+UaiieR3pzMzyTjpReXRmZbnRPusRcsVzxb2OhB79wmuy4UPjjQBX+7eD0rs8xxvW -+5a5q1Cjq4AvbwmmcA/wDrHDOjcbD/zodad2O1QtBWa/R4xyWea4zKsflgACE1zY9 -+wW2br7+YQFekcrXkkkEzgxd6zxv8KVEDpXRZjmAM1cI5LvkoN64To4GedN8Qe/G7 -+R9SZh9gnS17PTP64hK+aYqhFafMdu87q/+qLfxaSux727qE5hiW01u4nnWhACf9s -+xuOozowKqxZxkolMIyZv6Lddwy1Zv5qjCyd0DvM/1skpXWkb9kfabYC+OhjsjVhs -+0Ktfs6a5B3eixiw5x94hhIcTEcS4hmvhGUL72FiTca6ZeSERTKmNBy8CIQC9/ZUN -+uU/V5JTcnYyUGHzm7+XcZBjyGBagBj9rCmW3SQKCBQAJ/k9rb39f1cO+/3XDEMjy -+9bIEXSuS48g5RAc1UGd5nrrBQwuDxGWFyz0yvAY7LgyidZuJS21+MAp9EY7AOMmx -+TDttifNaBJYt4GZ8of166PcqTKkHQwq5uBpxeSDv/ZE8YbYfaCtLTcUC8KlO+l36 -+gjJHSkdkflSsGy1yObSNDQDfVAAwQs//TjDMnuEtvlNXZllsTvFFBceXVETn10K2 -+ZMmdSIJNfLnjReUKEN6PfeGqv7F4xoyGwUybEfRE4u5RmXrqCODaIjY3SNMrOq8B -+R3Ata/cCozsM1jIdIW2z+OybDJH+BYsYm2nkSZQjZS6javTYClLrntEKG/hAQwL8 -+F16YLOQXpHhgiAaWnTZzANtLppB2+5qCVy5ElzKongOwT8JTjTFXOaRnqe/ngm9W -+SSbrxfDaoWUOyK9XD8Cydzpv3n4Y8nWNGayi7/yAFCU36Ri040ufgv/TZLuKacnl -++3ga3ZUpRlSigzx0kb1+KjTSWeQ8vE/psdWjvBukVEbzdUauMLyRLo/6znSVvvPX -+UGhviThE5uhrsUg+wEPFINriSHfF7JDKVhDcJnLBdaXvfN52pkF/naLBF5Rt3Gvq -+fjCxjx0Sy9Lag1hDN4dor7dzuO7wmwOS01DJW1PtNLuuH0Bbqh1kYSaQkmyXBZWX -+qo8K3nkoDM0niOtJJubOhTNrGmSaZpNXkK3Mcy9rBbdvEs5O0Jmqaax/eOdU0Yot -+B3lX+3ddOseT2ZEFjzObqTtkWuFBeBxuYNcRTsu3qMdIBsEb8URQdsTtjoIja2fK -+hreVgjK36GW70KXEl8V/vq5qjQulmqkBEjmilcDuiREKqQuyeagUOnhQaBplqVco -+4xznh5DMBMRbpGb5lHxKv4cPNi+uNAJ5i98zWUM1JRt6aXnRCuWcll1z8fRZ+5kD -+vK9FaZU3VRMK/eknEG49cGr8OuJ6ZRSaC+tKwV1y+amkSZpKPWnk2bUnQI3ApJv3 -+k1e1EToeECpMUkLMDgNbpKBoz4nqMEvAAlYgw9xKNbLlQlahqTVEAmaJHh4yDMDy -+i7IZ9Wrn47IGoR7s3cvhDHUpRPeW4nsmgzj+tf5EAxemI61STZJTTWo0iaPGJxct -+9nhOOhw1I38Mvm4vkAbFH7YJ0B6QrjjYL2MbOTp5JiIh4vdOeWwNo9/y4ffyaN5+ -+ADpxuuIAmcbdr6GPOhkOFFixRJa0B2eP1i032HESlLs8RB9oYtdTXdXQotnIgJGd -+Y8tSKOa1zjzeLHn3AVpRZTUW++/BxmApV3GKIeG8fsUjg/df0QRrBcdC/1uccdaG -+KKlAOwlywVn5jUlwHkTmDiTM9w5AqVVGHZ2b+4ZgQW8jnPKN0SrKf6U555D+zp7E -+x4uXoE8ojN9y8m8UKf0cTLnujH2XgZorjPfuMOt5VZEhQFMS2QaljSeni5CJJ8gk -+XtztNqfBlAtWR4V5iAHeQOfIB2YaOy8GESda89tyKraKeaez41VblpTVHTeq9IIF -+YB4cQA2PfuNaGVRGLMAgT3Dvl+mxxxeJyxnGAiUcETU/jJJt9QombiuszBlYGQ5d -+ELOSm/eQSRARV9zNSt5jaQlMSjMBqenIEM09BzYqa7jDwqoztFxNdO8bcuQPuKwa -+4z3bBZ1yYm63WFdNbQqqGEwc0OYmqg1raJ0zltgHyjFyw8IGu4g/wETs+nVQcH7D -+vKuje86bePD6kD/LH3wmkA== -+-----END DSA PARAMETERS----- diff --git a/security/openssl-quictls/files/patch-CVE-2024-4741 b/security/openssl-quictls/files/patch-CVE-2024-4741 deleted file mode 100644 index f4f5ca1069a1..000000000000 --- a/security/openssl-quictls/files/patch-CVE-2024-4741 +++ /dev/null @@ -1,69 +0,0 @@ -From b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d Mon Sep 17 00:00:00 2001 -From: Watson Ladd -Date: Wed, 24 Apr 2024 11:26:56 +0100 -Subject: [PATCH] Only free the read buffers if we're not using them - -If we're part way through processing a record, or the application has -not released all the records then we should not free our buffer because -they are still needed. - -CVE-2024-4741 - -Reviewed-by: Tomas Mraz -Reviewed-by: Neil Horman -Reviewed-by: Matt Caswell -(Merged from https://github.com/openssl/openssl/pull/24395) - -(cherry picked from commit 704f725b96aa373ee45ecfb23f6abfe8be8d9177) ---- - ssl/record/rec_layer_s3.c | 9 +++++++++ - ssl/record/record.h | 1 + - ssl/ssl_lib.c | 3 +++ - 3 files changed, 13 insertions(+) - -diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c -index 4bcffcc41e364..1569997bea2d3 100644 ---- ssl/record/rec_layer_s3.c.orig -+++ ssl/record/rec_layer_s3.c -@@ -81,6 +81,15 @@ int RECORD_LAYER_read_pending(const RECORD_LAYER *rl) - return SSL3_BUFFER_get_left(&rl->rbuf) != 0; - } - -+int RECORD_LAYER_data_present(const RECORD_LAYER *rl) -+{ -+ if (rl->rstate == SSL_ST_READ_BODY) -+ return 1; -+ if (RECORD_LAYER_processed_read_pending(rl)) -+ return 1; -+ return 0; -+} -+ - /* Checks if we have decrypted unread record data pending */ - int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl) - { -diff --git a/ssl/record/record.h b/ssl/record/record.h -index 234656bf93942..b60f71c8cb23b 100644 ---- ssl/record/record.h.orig -+++ ssl/record/record.h -@@ -205,6 +205,7 @@ void RECORD_LAYER_release(RECORD_LAYER *rl); - int RECORD_LAYER_read_pending(const RECORD_LAYER *rl); - int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl); - int RECORD_LAYER_write_pending(const RECORD_LAYER *rl); -+int RECORD_LAYER_data_present(const RECORD_LAYER *rl); - void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl); - void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl); - int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl); -diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index eed649c6fdee9..d14c55ae557bc 100644 ---- ssl/ssl_lib.c.orig -+++ ssl/ssl_lib.c -@@ -5492,6 +5492,9 @@ int SSL_free_buffers(SSL *ssl) - if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl)) - return 0; - -+ if (RECORD_LAYER_data_present(rl)) -+ return 0; -+ - RECORD_LAYER_release(rl); - return 1; - }