svn commit: r352928 - in head/security/openssl: . files

Dirk Meyer dinoex at FreeBSD.org
Sat May 3 16:36:43 UTC 2014 

Author: dinoex
Date: Sat May  3 16:36:42 2014
New Revision: 352928
URL: http://svnweb.freebsd.org/changeset/ports/352928
QAT: https://qat.redports.org/buildarchive/r352928/

Log:
  - Security patch
  Security: CVE-2014-0198
  Security: http://seclists.org/oss-sec/2014/q2/232
  Security: https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321
  Obtained from:	OpenBSD

Modified:
  head/security/openssl/Makefile
  head/security/openssl/files/patch-ssl-s3_pkt.c

Modified: head/security/openssl/Makefile
==============================================================================
--- head/security/openssl/Makefile	Sat May  3 16:24:01 2014	(r352927)
+++ head/security/openssl/Makefile	Sat May  3 16:36:42 2014	(r352928)
@@ -4,7 +4,7 @@
 PORTNAME=	openssl
 PORTVERSION=	1.0.1
 DISTVERSIONSUFFIX=	g
-PORTREVISION=	11
+PORTREVISION=	12
 CATEGORIES=	security devel
 MASTER_SITES=	http://www.openssl.org/%SUBDIR%/ \
 		ftp://ftp.openssl.org/%SUBDIR%/ \

Modified: head/security/openssl/files/patch-ssl-s3_pkt.c
==============================================================================
--- head/security/openssl/files/patch-ssl-s3_pkt.c	Sat May  3 16:24:01 2014	(r352927)
+++ head/security/openssl/files/patch-ssl-s3_pkt.c	Sat May  3 16:36:42 2014	(r352928)
@@ -1,13 +1,22 @@
-Index: crypto/openssl/ssl/s3_pkt.c
-===================================================================
---- ssl/s3_pkt.c	(revision 264309)
-+++ ssl/s3_pkt.c	(working copy)
-@@ -1055,7 +1055,7 @@ start:
-				{
-				s->rstate=SSL_ST_READ_HEADER;
-				rr->off=0;
+--- ssl/s3_pkt.c.orig	2014-03-17 17:14:20.000000000 +0100
++++ ssl/s3_pkt.c	2014-05-03 18:07:28.000000000 +0200
+@@ -657,6 +657,10 @@
+ 		if (i <= 0)
+ 			return(i);
+ 		/* if it went, fall through and send more stuff */
++		/* we may have released our buffer, so get it again */
++		if (wb->buf == NULL)
++			if (!ssl3_setup_write_buffer(s))
++				return -1;
+ 		}
+ 
+ 	if (len == 0 && !create_empty_fragment)
+@@ -1055,7 +1059,7 @@
+ 				{
+ 				s->rstate=SSL_ST_READ_HEADER;
+ 				rr->off=0;
 -				if (s->mode & SSL_MODE_RELEASE_BUFFERS)
 +				if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
-					ssl3_release_read_buffer(s);
-				}
-			}
+ 					ssl3_release_read_buffer(s);
+ 				}
+ 			}

More information about the svn-ports-all mailing list