svn commit: r306336 - in releng: 10.1 10.1/crypto/openssl/crypto/bn 10.1/sys/conf 10.2 10.2/crypto/openssl/crypto/bn 10.2/sys/conf 10.3 10.3/crypto/openssl/crypto/bn 10.3/sys/conf 9.3 9.3/crypto/op...
Xin LI
delphij at FreeBSD.org
Mon Sep 26 08:21:31 UTC 2016
Author: delphij
Date: Mon Sep 26 08:21:29 2016
New Revision: 306336
URL: https://svnweb.freebsd.org/changeset/base/306336
Log:
Apply upstream revision 3612ff6fcec0e3d1f2a598135fe12177c0419582:
Fix overflow check in BN_bn2dec()
Fix an off by one error in the overflow check added by 07bed46
("Check for errors in BN_bn2dec()").
This fixes a regression introduced in SA-16:26.openssl.
Submitted by: jkim
PR: 212921
Approved by: so
Modified:
releng/10.1/UPDATING
releng/10.1/crypto/openssl/crypto/bn/bn_print.c
releng/10.1/sys/conf/newvers.sh
releng/10.2/UPDATING
releng/10.2/crypto/openssl/crypto/bn/bn_print.c
releng/10.2/sys/conf/newvers.sh
releng/10.3/UPDATING
releng/10.3/crypto/openssl/crypto/bn/bn_print.c
releng/10.3/sys/conf/newvers.sh
releng/9.3/UPDATING
releng/9.3/crypto/openssl/crypto/bn/bn_print.c
releng/9.3/sys/conf/newvers.sh
Modified: releng/10.1/UPDATING
==============================================================================
--- releng/10.1/UPDATING Mon Sep 26 08:19:33 2016 (r306335)
+++ releng/10.1/UPDATING Mon Sep 26 08:21:29 2016 (r306336)
@@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITH
stable/10, and then rebuild without this option. The bootstrap process from
older version of current is a bit fragile.
+20160926 p29 FreeBSD-SA-16:26.openssl [revised]
+
+ Fix OpenSSL regression introduced in SA-16:26.
+
20160923 p38 FreeBSD-SA-16:26.openssl
Fix multiple OpenSSL vulnerabilitites.
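Review bot: the patch level in the added heading "20160926 p29" looks like a typo for p39. The entry directly below it is "20160923 p38", and the newvers.sh change for 10.1 in this same commit moves BRANCH from RELEASE-p38 to RELEASE-p39, so the heading should read "20160926 p39 FreeBSD-SA-16:26.openssl [revised]". As written, the newest entry carries a lower patch level than the one it revises and does not match the level newvers.sh sets.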
Modified: releng/10.1/crypto/openssl/crypto/bn/bn_print.c
==============================================================================
--- releng/10.1/crypto/openssl/crypto/bn/bn_print.c Mon Sep 26 08:19:33 2016 (r306335)
+++ releng/10.1/crypto/openssl/crypto/bn/bn_print.c Mon Sep 26 08:21:29 2016 (r306336)
@@ -141,14 +141,13 @@ char *BN_bn2dec(const BIGNUM *a)
if (BN_is_negative(t))
*p++ = '-';
- i = 0;
while (!BN_is_zero(t)) {
+ if (lp - bn_data >= bn_data_num)
+ goto err;
*lp = BN_div_word(t, BN_DEC_CONV);
if (*lp == (BN_ULONG)-1)
goto err;
lp++;
- if (lp - bn_data >= bn_data_num)
- goto err;
}
lp--;
/*
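Review bot: the bounds check now at the top of the loop body, "if (lp - bn_data >= bn_data_num)", should carry a short comment saying why it sits before the store. In its removed position, after "lp++", it also fired when the final word had just been written into the last slot and the loop was about to exit on BN_is_zero(t), which is the off-by-one the log describes. A one-line comment such as "check before writing, so a value that exactly fills bn_data is accepted" would keep a later cleanup from moving the check back below the increment.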
Modified: releng/10.1/sys/conf/newvers.sh
==============================================================================
--- releng/10.1/sys/conf/newvers.sh Mon Sep 26 08:19:33 2016 (r306335)
+++ releng/10.1/sys/conf/newvers.sh Mon Sep 26 08:21:29 2016 (r306336)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="10.1"
-BRANCH="RELEASE-p38"
+BRANCH="RELEASE-p39"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
Modified: releng/10.2/UPDATING
==============================================================================
--- releng/10.2/UPDATING Mon Sep 26 08:19:33 2016 (r306335)
+++ releng/10.2/UPDATING Mon Sep 26 08:21:29 2016 (r306336)
@@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITH
stable/10, and then rebuild without this option. The bootstrap process from
older version of current is a bit fragile.
+20160926 p22 FreeBSD-SA-16:26.openssl [revised]
+
+ Fix OpenSSL regression introduced in SA-16:26.
+
20160923 p21 FreeBSD-SA-16:26.openssl
Fix multiple OpenSSL vulnerabilitites.
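Review bot: the added entry text "Fix OpenSSL regression introduced in SA-16:26." does not say what regressed. Naming the affected function, for example "Fix BN_bn2dec() regression introduced in SA-16:26.", would let a reader of UPDATING judge whether they were affected without looking up the PR. The unchanged entry below also misspells "vulnerabilities" as "vulnerabilitites", which could be corrected while this block is being edited.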
Modified: releng/10.2/crypto/openssl/crypto/bn/bn_print.c
==============================================================================
--- releng/10.2/crypto/openssl/crypto/bn/bn_print.c Mon Sep 26 08:19:33 2016 (r306335)
+++ releng/10.2/crypto/openssl/crypto/bn/bn_print.c Mon Sep 26 08:21:29 2016 (r306336)
@@ -141,14 +141,13 @@ char *BN_bn2dec(const BIGNUM *a)
if (BN_is_negative(t))
*p++ = '-';
- i = 0;
while (!BN_is_zero(t)) {
+ if (lp - bn_data >= bn_data_num)
+ goto err;
*lp = BN_div_word(t, BN_DEC_CONV);
if (*lp == (BN_ULONG)-1)
goto err;
lp++;
- if (lp - bn_data >= bn_data_num)
- goto err;
}
lp--;
/*
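Review bot: the removal of "i = 0;" ahead of the loop is not mentioned in the log and is unrelated to the overflow check. Nothing in this hunk reads i, so the line may be a dead store, but please confirm that no later use in BN_bn2dec() relied on that initialisation. If the removal comes from the upstream revision being applied, a few words in the log saying so would make the hunk easier to audit.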
Modified: releng/10.2/sys/conf/newvers.sh
==============================================================================
--- releng/10.2/sys/conf/newvers.sh Mon Sep 26 08:19:33 2016 (r306335)
+++ releng/10.2/sys/conf/newvers.sh Mon Sep 26 08:21:29 2016 (r306336)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="10.2"
-BRANCH="RELEASE-p21"
+BRANCH="RELEASE-p22"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
Modified: releng/10.3/UPDATING
==============================================================================
--- releng/10.3/UPDATING Mon Sep 26 08:19:33 2016 (r306335)
+++ releng/10.3/UPDATING Mon Sep 26 08:21:29 2016 (r306336)
@@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITH
stable/10, and then rebuild without this option. The bootstrap process from
older version of current is a bit fragile.
+20160926 p9 FreeBSD-SA-16:26.openssl [revised]
+
+ Fix OpenSSL regression introduced in SA-16:26.
+
20160923 p8 FreeBSD-SA-16:26.openssl
Fix multiple OpenSSL vulnerabilitites.
Modified: releng/10.3/crypto/openssl/crypto/bn/bn_print.c
==============================================================================
--- releng/10.3/crypto/openssl/crypto/bn/bn_print.c Mon Sep 26 08:19:33 2016 (r306335)
+++ releng/10.3/crypto/openssl/crypto/bn/bn_print.c Mon Sep 26 08:21:29 2016 (r306336)
@@ -141,14 +141,13 @@ char *BN_bn2dec(const BIGNUM *a)
if (BN_is_negative(t))
*p++ = '-';
- i = 0;
while (!BN_is_zero(t)) {
+ if (lp - bn_data >= bn_data_num)
+ goto err;
*lp = BN_div_word(t, BN_DEC_CONV);
if (*lp == (BN_ULONG)-1)
goto err;
lp++;
- if (lp - bn_data >= bn_data_num)
- goto err;
}
lp--;
/*
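Review bot: no test accompanies the moved check at the top of the loop, and the log says the earlier placement regressed on exactly this boundary. A regression test that converts values whose output needs exactly bn_data_num words, plus one word fewer, and asserts that BN_bn2dec() returns non-NULL for them would cover the failure fixed here and would catch any future reordering of the check and the store.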
Modified: releng/10.3/sys/conf/newvers.sh
==============================================================================
--- releng/10.3/sys/conf/newvers.sh Mon Sep 26 08:19:33 2016 (r306335)
+++ releng/10.3/sys/conf/newvers.sh Mon Sep 26 08:21:29 2016 (r306336)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="10.3"
-BRANCH="RELEASE-p8"
+BRANCH="RELEASE-p9"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
Modified: releng/9.3/UPDATING
==============================================================================
--- releng/9.3/UPDATING Mon Sep 26 08:19:33 2016 (r306335)
+++ releng/9.3/UPDATING Mon Sep 26 08:21:29 2016 (r306336)
@@ -11,6 +11,10 @@ handbook:
Items affecting the ports and packages system can be found in
/usr/ports/UPDATING. Please read that file before running portupgrade.
+20160926 p47 FreeBSD-SA-16:26.openssl [revised]
+
+ Fix OpenSSL regression introduced in SA-16:26.
+
20160923 p46 FreeBSD-SA-16:26.openssl
Fix multiple OpenSSL vulnerabilitites.
Modified: releng/9.3/crypto/openssl/crypto/bn/bn_print.c
==============================================================================
--- releng/9.3/crypto/openssl/crypto/bn/bn_print.c Mon Sep 26 08:19:33 2016 (r306335)
+++ releng/9.3/crypto/openssl/crypto/bn/bn_print.c Mon Sep 26 08:21:29 2016 (r306336)
@@ -141,14 +141,13 @@ char *BN_bn2dec(const BIGNUM *a)
if (BN_is_negative(t))
*p++ = '-';
- i = 0;
while (!BN_is_zero(t)) {
+ if (lp - bn_data >= bn_data_num)
+ goto err;
*lp = BN_div_word(t, BN_DEC_CONV);
if (*lp == (BN_ULONG)-1)
goto err;
lp++;
- if (lp - bn_data >= bn_data_num)
- goto err;
}
lp--;
/*
Modified: releng/9.3/sys/conf/newvers.sh
==============================================================================
--- releng/9.3/sys/conf/newvers.sh Mon Sep 26 08:19:33 2016 (r306335)
+++ releng/9.3/sys/conf/newvers.sh Mon Sep 26 08:21:29 2016 (r306336)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="9.3"
-BRANCH="RELEASE-p46"
+BRANCH="RELEASE-p47"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
More information about the svn-src-releng
mailing list