svn commit: r439762 - in head/security/libressl: . files
Bernard Spil
brnrd at FreeBSD.org
Sat Apr 29 17:10:11 UTC 2017
Author: brnrd
Date: Sat Apr 29 17:10:09 2017
New Revision: 439762
URL: https://svnweb.freebsd.org/changeset/ports/439762
Log:
security/libressl: Fix vulnerability
Obtained from: OpenBSD
MFH: 2017Q2
Security: 24673ed7-2bf3-11e7-b291-b499baebfeaf
Security: CVE-2017-8301
Added:
head/security/libressl/files/patch-CVE-2017-8301 (contents, props changed)
Modified:
head/security/libressl/Makefile
Modified: head/security/libressl/Makefile
==============================================================================
--- head/security/libressl/Makefile Sat Apr 29 16:37:53 2017 (r439761)
+++ head/security/libressl/Makefile Sat Apr 29 17:10:09 2017 (r439762)
@@ -3,6 +3,7 @@
PORTNAME= libressl
PORTVERSION= 2.5.3
+PORTREVISION= 1
CATEGORIES= security devel
MASTER_SITES= OPENBSD/LibreSSL
Added: head/security/libressl/files/patch-CVE-2017-8301
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/libressl/files/patch-CVE-2017-8301 Sat Apr 29 17:10:09 2017 (r439762)
@@ -0,0 +1,32 @@
+https://marc.info/?l=openbsd-cvs&m=149342064612660
+
+===================================================================
+RCS file: /cvs/src/lib/libcrypto/x509/x509_vfy.c,v
+retrieving revision 1.61
+retrieving revision 1.61.4.1
+diff -u -r1.61 -r1.61.4.1
+--- crypto/x509/x509_vfy.c 2017/02/05 02:33:21 1.61
++++ crypto/x509/x509_vfy.c 2017/04/28 23:12:04 1.61.4.1
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: x509_vfy.c,v 1.61 2017/02/05 02:33:21 beck Exp $ */
++/* $OpenBSD: x509_vfy.c,v 1.61.4.1 2017/04/28 23:12:04 beck Exp $ */
+ /* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+@@ -541,15 +541,7 @@
+ /* Safety net, error returns must set ctx->error */
+ if (ok <= 0 && ctx->error == X509_V_OK)
+ ctx->error = X509_V_ERR_UNSPECIFIED;
+-
+- /*
+- * Safety net, if user provided verify callback indicates sucess
+- * make sure they have set error to X509_V_OK
+- */
+- if (ctx->verify_cb != null_callback && ok == 1)
+- ctx->error = X509_V_OK;
+-
+- return(ctx->error == X509_V_OK);
++ return ok;
+ }
+
+ /* Given a STACK_OF(X509) find the issuer of cert (if any)
More information about the svn-ports-all
mailing list