svn commit: r326723 - in releng: 10.3 10.3/crypto/openssl/ssl 10.3/sys/conf 10.4 10.4/crypto/openssl/ssl 10.4/sys/conf
Gordon Tetlow
gordon at FreeBSD.org
Sat Dec 9 03:45:25 UTC 2017
Author: gordon
Date: Sat Dec 9 03:45:23 2017
New Revision: 326723
URL: https://svnweb.freebsd.org/changeset/base/326723
Log:
Fix error state handling
Approved by: so
Security: CVE-2017-3737
Security: FreeBSD-SA-17:12.openssl
Modified:
releng/10.3/UPDATING
releng/10.3/crypto/openssl/ssl/ssl.h
releng/10.3/sys/conf/newvers.sh
releng/10.4/UPDATING
releng/10.4/crypto/openssl/ssl/ssl.h
releng/10.4/sys/conf/newvers.sh
Modified: releng/10.3/UPDATING
==============================================================================
--- releng/10.3/UPDATING Sat Dec 9 03:44:26 2017 (r326722)
+++ releng/10.3/UPDATING Sat Dec 9 03:45:23 2017 (r326723)
@@ -1,5 +1,5 @@
Updating Information for FreeBSD current users
-
+2
This file is maintained and copyrighted by M. Warner Losh <imp at freebsd.org>.
See end of file for further details. For commonly done items, please see the
COMMON ITEMS: section later in the file. These instructions assume that you
@@ -15,6 +15,10 @@ NOTE: FreeBSD has switched from gcc to clang. If you h
from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of
stable/10, and then rebuild without this option. The bootstrap process from
older version of current is a bit fragile.
+
+20171209 p26 FreeBSD-SA-17:12.openssl
+
+ Fix OpenSSL error state vulnerability.
20171129 p25 FreeBSD-SA-17:11.openssl
Modified: releng/10.3/crypto/openssl/ssl/ssl.h
==============================================================================
--- releng/10.3/crypto/openssl/ssl/ssl.h Sat Dec 9 03:44:26 2017 (r326722)
+++ releng/10.3/crypto/openssl/ssl/ssl.h Sat Dec 9 03:45:23 2017 (r326723)
@@ -1544,7 +1544,7 @@ extern "C" {
# define SSL_ST_BEFORE 0x4000
# define SSL_ST_OK 0x03
# define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
-# define SSL_ST_ERR 0x05
+# define SSL_ST_ERR (0x05|SSL_ST_INIT)
# define SSL_CB_LOOP 0x01
# define SSL_CB_EXIT 0x02
Modified: releng/10.3/sys/conf/newvers.sh
==============================================================================
--- releng/10.3/sys/conf/newvers.sh Sat Dec 9 03:44:26 2017 (r326722)
+++ releng/10.3/sys/conf/newvers.sh Sat Dec 9 03:45:23 2017 (r326723)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="10.3"
-BRANCH="RELEASE-p25"
+BRANCH="RELEASE-p26"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
Modified: releng/10.4/UPDATING
==============================================================================
--- releng/10.4/UPDATING Sat Dec 9 03:44:26 2017 (r326722)
+++ releng/10.4/UPDATING Sat Dec 9 03:45:23 2017 (r326723)
@@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITHOUT_CLANG to b
stable/10, and then rebuild without this option. The bootstrap process from
older version of current is a bit fragile.
+20171209 p5 FreeBSD-SA-17:12.openssl
+
+ Fix OpenSSL error state vulnerability.
+
20171129 p4 FreeBSD-SA-17:11.openssl
Fix OpenSSL out-of-bounds read vulnerability.
Modified: releng/10.4/crypto/openssl/ssl/ssl.h
==============================================================================
--- releng/10.4/crypto/openssl/ssl/ssl.h Sat Dec 9 03:44:26 2017 (r326722)
+++ releng/10.4/crypto/openssl/ssl/ssl.h Sat Dec 9 03:45:23 2017 (r326723)
@@ -1544,7 +1544,7 @@ extern "C" {
# define SSL_ST_BEFORE 0x4000
# define SSL_ST_OK 0x03
# define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
-# define SSL_ST_ERR 0x05
+# define SSL_ST_ERR (0x05|SSL_ST_INIT)
# define SSL_CB_LOOP 0x01
# define SSL_CB_EXIT 0x02
Modified: releng/10.4/sys/conf/newvers.sh
==============================================================================
--- releng/10.4/sys/conf/newvers.sh Sat Dec 9 03:44:26 2017 (r326722)
+++ releng/10.4/sys/conf/newvers.sh Sat Dec 9 03:45:23 2017 (r326723)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="10.4"
-BRANCH="RELEASE-p4"
+BRANCH="RELEASE-p5"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
More information about the svn-src-all
mailing list