svn commit: r351191 - in head/security/openssl: . files

Cy Schubert Cy.Schubert at komquats.com
Mon Apr 14 04:18:55 UTC 2014 

In message <201404130840.s3D8eE1X031490 at svn.freebsd.org>, Dirk Meyer writes:
> Author: dinoex
> Date: Sun Apr 13 08:40:13 2014
> New Revision: 351191
> URL: http://svnweb.freebsd.org/changeset/ports/351191
> QAT: https://qat.redports.org/buildarchive/r351191/
> 
> Log:
>   - fix a 4 year old "use-after-free" problem
>   https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
>   http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse
>   http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/008_openssl.patch
>   Obtained from:	OpenBSD
> 
> Added:
>   head/security/openssl/files/patch-ssl-s3_pkt.c   (contents, props changed)
> Modified:
>   head/security/openssl/Makefile
> 
> Modified: head/security/openssl/Makefile
> =============================================================================
> =
> --- head/security/openssl/Makefile	Sun Apr 13 08:34:32 2014	(r35119
> 0)
> +++ head/security/openssl/Makefile	Sun Apr 13 08:40:13 2014	(r35119
> 1)
> @@ -4,7 +4,7 @@
>  PORTNAME=	openssl
>  PORTVERSION=	1.0.1
>  DISTVERSIONSUFFIX=	g
> -PORTREVISION=	10
> +PORTREVISION=	11
>  CATEGORIES=	security devel
>  MASTER_SITES=	http://www.openssl.org/%SUBDIR%/ \
>  		ftp://ftp.openssl.org/%SUBDIR%/ \
> 
> Added: head/security/openssl/files/patch-ssl-s3_pkt.c
> =============================================================================
> =
> --- /dev/null	00:00:00 1970	(empty, because file is newly added)
> +++ head/security/openssl/files/patch-ssl-s3_pkt.c	Sun Apr 13 08:40:13 201
> 4	(r351191)
> @@ -0,0 +1,13 @@
> +Index: crypto/openssl/ssl/s3_pkt.c
> +===================================================================
> +--- ssl/s3_pkt.c	(revision 264309)
> ++++ ssl/s3_pkt.c	(working copy)
> +@@ -1055,7 +1055,7 @@ start:
> +				{
> +				s->rstate=SSL_ST_READ_HEADER;
> +				rr->off=0;
> +-				if (s->mode & SSL_MODE_RELEASE_BUFFERS)
> ++				if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3
> ->rbuf.left == 0)
> +					ssl3_release_read_buffer(s);
> +				}
> +			}
> 
> 

I don't see this in base. Would this not be a good candidate for openssl in 
base?


-- 
Cheers,
Cy Schubert <Cy.Schubert at komquats.com>
FreeBSD UNIX:  <cy at FreeBSD.org>   Web:  http://www.FreeBSD.org

	The need of the many outweighs the greed of the few.

More information about the svn-ports-head mailing list