svn commit: r439797 - in branches/2017Q2: net/openntpd security/acme-client security/libressl security/libressl-devel security/libressl-devel/files security/libressl/files
Bernard Spil
brnrd at FreeBSD.org
Sun Apr 30 10:41:19 UTC 2017
Author: brnrd
Date: Sun Apr 30 10:41:17 2017
New Revision: 439797
URL: https://svnweb.freebsd.org/changeset/ports/439797
Log:
MFH: r438889 r439764 r439772 r439762
Belated revision bump after libressl 2.5.3 update.
This approach doesn't work, does it?
security/libressl-devel: Fix vulnerability
Obtained from: OpenBSD
Security: 24673ed7-2bf3-11e7-b291-b499baebfeaf
Security: CVE-2017-8301
security/libressl: Bump static library consumers
Reported by: jbeich
security/libressl: Fix vulnerability
Obtained from: OpenBSD
Security: 24673ed7-2bf3-11e7-b291-b499baebfeaf
Security: CVE-2017-8301
Approved by: ports-secteam (junovitch)
Added:
branches/2017Q2/security/libressl-devel/files/patch-CVE-2017-8301
- copied unchanged from r439764, head/security/libressl-devel/files/patch-CVE-2017-8301
branches/2017Q2/security/libressl/files/patch-CVE-2017-8301
- copied unchanged from r439762, head/security/libressl/files/patch-CVE-2017-8301
Modified:
branches/2017Q2/net/openntpd/Makefile
branches/2017Q2/security/acme-client/Makefile
branches/2017Q2/security/libressl-devel/Makefile
branches/2017Q2/security/libressl/Makefile
Directory Properties:
branches/2017Q2/ (props changed)
Modified: branches/2017Q2/net/openntpd/Makefile
==============================================================================
--- branches/2017Q2/net/openntpd/Makefile Sun Apr 30 10:34:56 2017 (r439796)
+++ branches/2017Q2/net/openntpd/Makefile Sun Apr 30 10:41:17 2017 (r439797)
@@ -2,7 +2,7 @@
PORTNAME= openntpd
PORTVERSION= 6.0p1
-PORTREVISION= 4
+PORTREVISION= 6
PORTEPOCH= 2
CATEGORIES= net
MASTER_SITES= OPENBSD/OpenNTPD
Modified: branches/2017Q2/security/acme-client/Makefile
==============================================================================
--- branches/2017Q2/security/acme-client/Makefile Sun Apr 30 10:34:56 2017 (r439796)
+++ branches/2017Q2/security/acme-client/Makefile Sun Apr 30 10:41:17 2017 (r439797)
@@ -3,6 +3,7 @@
PORTNAME= acme-client
PORTVERSION= 0.1.16
+PORTREVISION= 1
DISTVERSIONPREFIX= portable-
CATEGORIES= security
MASTER_SITES= https://kristaps.bsd.lv/${PORTNAME}/snapshots/ \
Modified: branches/2017Q2/security/libressl-devel/Makefile
==============================================================================
--- branches/2017Q2/security/libressl-devel/Makefile Sun Apr 30 10:34:56 2017 (r439796)
+++ branches/2017Q2/security/libressl-devel/Makefile Sun Apr 30 10:41:17 2017 (r439797)
@@ -3,6 +3,7 @@
PORTNAME= libressl
PORTVERSION= 2.5.2
+PORTREVISION= 1
CATEGORIES= security devel
MASTER_SITES= OPENBSD/LibreSSL
PKGNAMESUFFIX= -devel
Copied: branches/2017Q2/security/libressl-devel/files/patch-CVE-2017-8301 (from r439764, head/security/libressl-devel/files/patch-CVE-2017-8301)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/security/libressl-devel/files/patch-CVE-2017-8301 Sun Apr 30 10:41:17 2017 (r439797, copy of r439764, head/security/libressl-devel/files/patch-CVE-2017-8301)
@@ -0,0 +1,32 @@
+https://marc.info/?l=openbsd-cvs&m=149342064612660
+
+===================================================================
+RCS file: /cvs/src/lib/libcrypto/x509/x509_vfy.c,v
+retrieving revision 1.61
+retrieving revision 1.61.4.1
+diff -u -r1.61 -r1.61.4.1
+--- crypto/x509/x509_vfy.c 2017/02/05 02:33:21 1.61
++++ crypto/x509/x509_vfy.c 2017/04/28 23:12:04 1.61.4.1
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: x509_vfy.c,v 1.61 2017/02/05 02:33:21 beck Exp $ */
++/* $OpenBSD: x509_vfy.c,v 1.61.4.1 2017/04/28 23:12:04 beck Exp $ */
+ /* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+@@ -541,15 +541,7 @@
+ /* Safety net, error returns must set ctx->error */
+ if (ok <= 0 && ctx->error == X509_V_OK)
+ ctx->error = X509_V_ERR_UNSPECIFIED;
+-
+- /*
+- * Safety net, if user provided verify callback indicates sucess
+- * make sure they have set error to X509_V_OK
+- */
+- if (ctx->verify_cb != null_callback && ok == 1)
+- ctx->error = X509_V_OK;
+-
+- return(ctx->error == X509_V_OK);
++ return ok;
+ }
+
+ /* Given a STACK_OF(X509) find the issuer of cert (if any)
Modified: branches/2017Q2/security/libressl/Makefile
==============================================================================
--- branches/2017Q2/security/libressl/Makefile Sun Apr 30 10:34:56 2017 (r439796)
+++ branches/2017Q2/security/libressl/Makefile Sun Apr 30 10:41:17 2017 (r439797)
@@ -3,6 +3,7 @@
PORTNAME= libressl
PORTVERSION= 2.4.5
+PORTREVISION= 1
CATEGORIES= security devel
MASTER_SITES= OPENBSD/LibreSSL
Copied: branches/2017Q2/security/libressl/files/patch-CVE-2017-8301 (from r439762, head/security/libressl/files/patch-CVE-2017-8301)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q2/security/libressl/files/patch-CVE-2017-8301 Sun Apr 30 10:41:17 2017 (r439797, copy of r439762, head/security/libressl/files/patch-CVE-2017-8301)
@@ -0,0 +1,32 @@
+https://marc.info/?l=openbsd-cvs&m=149342064612660
+
+===================================================================
+RCS file: /cvs/src/lib/libcrypto/x509/x509_vfy.c,v
+retrieving revision 1.61
+retrieving revision 1.61.4.1
+diff -u -r1.61 -r1.61.4.1
+--- crypto/x509/x509_vfy.c 2017/02/05 02:33:21 1.61
++++ crypto/x509/x509_vfy.c 2017/04/28 23:12:04 1.61.4.1
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: x509_vfy.c,v 1.61 2017/02/05 02:33:21 beck Exp $ */
++/* $OpenBSD: x509_vfy.c,v 1.61.4.1 2017/04/28 23:12:04 beck Exp $ */
+ /* Copyright (C) 1995-1998 Eric Young (eay at cryptsoft.com)
+ * All rights reserved.
+ *
+@@ -541,15 +541,7 @@
+ /* Safety net, error returns must set ctx->error */
+ if (ok <= 0 && ctx->error == X509_V_OK)
+ ctx->error = X509_V_ERR_UNSPECIFIED;
+-
+- /*
+- * Safety net, if user provided verify callback indicates sucess
+- * make sure they have set error to X509_V_OK
+- */
+- if (ctx->verify_cb != null_callback && ok == 1)
+- ctx->error = X509_V_OK;
+-
+- return(ctx->error == X509_V_OK);
++ return ok;
+ }
+
+ /* Given a STACK_OF(X509) find the issuer of cert (if any)
More information about the svn-ports-all
mailing list