D4393.id10778.diff
No OneTemporary
Actions

Size

2 KB

Referenced Files

None

Subscribers

None

D4393.id10778.diff
View Options

	Index: security/libressl/Makefile
	===================================================================
	--- security/libressl/Makefile
	+++ security/libressl/Makefile
	@@ -3,6 +3,7 @@

	PORTNAME= libressl
	PORTVERSION= 2.2.4
	+PORTREVISION= 1
	CATEGORIES= security devel
	MASTER_SITES= OPENBSD/LibreSSL

	@@ -27,6 +28,7 @@
	USE_LDCONFIG= yes

	INSTALL_TARGET= install-strip
	+TEST_TARGET= check

	.include <bsd.port.pre.mk>

	@@ -34,9 +36,6 @@
	CONFIGURE_TARGET= x86_64-portbld-${OPSYS:tl}${OSREL}
	.endif

	-regression-test: build
	- cd ${WRKSRC} && ${MAKE} check
	-
	post-install-MAN3-off:
	${RM} -rf ${STAGEDIR}/${PREFIX}/man/man3
	${REINPLACE_CMD} -e '/^man\/man3/d' ${TMPPLIST}
	Index: security/libressl/files/patch-crypto_rsa_rsa__ameth.c
	===================================================================
	--- /dev/null
	+++ security/libressl/files/patch-crypto_rsa_rsa__ameth.c
	@@ -0,0 +1,35 @@
	+untrusted comment: signature from openbsd 5.7 base secret key
	+RWSvUZXnw9gUb9nwe5ejJkFIRePsdQp8RQsCErF3noaEaVflJlEfeDvvY8BYhoqJKov8hLit4sBdW8E16mLrZIBdfQSB7FUPygc=
	+
	+OpenBSD 5.7 errata 21, Dec 3, 2015:
	+
	+CVE-2015-3194 - NULL pointer dereference in client certificate validation
	+
	+Apply by doing:
	+ signify -Vep /etc/signify/openbsd-57-base.pub -x 021_clientcert.patch.sig \
	+ -m - \| (cd /usr/src && patch -p0)
	+
	+And then rebuild and install libcrypto:
	+ cd /usr/src/lib/libcrypto
	+ make obj
	+ make depend
	+ make
	+ make install
	+
	+Index: crypto/rsa/rsa_ameth.c
	+===================================================================
	+RCS file: /cvs/src/lib/libssl/src/crypto/rsa/rsa_ameth.c,v
	+retrieving revision 1.14
	+retrieving revision 1.14.6.1
	+diff -u -p -u -p -r1.14 -r1.14.6.1
	+--- crypto/rsa/rsa_ameth.c 11 Feb 2015 04:05:14 -0000 1.14
	++++ crypto/rsa/rsa_ameth.c 4 Dec 2015 04:13:43 -0000 1.14.6.1
	+@@ -298,7 +298,7 @@ rsa_pss_decode(const X509_ALGOR *alg, X5
	+ if (pss->maskGenAlgorithm) {
	+ ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
	+ if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 &&
	+- param->type == V_ASN1_SEQUENCE) {
	++ param && param->type == V_ASN1_SEQUENCE) {
	+ p = param->value.sequence->data;
	+ plen = param->value.sequence->length;
	+ *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);
	Index: security/vuxml/vuln.xml
	===================================================================
	--- security/vuxml/vuln.xml
	+++ security/vuxml/vuln.xml
	@@ -73,6 +73,11 @@
	<name>linux-c6-openssl</name>
	<range><ge>0</ge></range>
	</package>
	+ <package>
	+ <name>libressl</name>
	+ <range><le>2.2.4</le></range>
	+ <range><ge>2.3.0</ge><le>2.3.1</le></range>
	+ </package>
	</affects>
	<description>
	<body xmlns="http://www.w3.org/1999/xhtml">

File Metadata

Mime Type: text/plain
Expires: Wed, Nov 19, 3:02 PM (9 h, 30 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 25644976
Default Alt Text: D4393.id10778.diff (2 KB)

D4393.id10778.diffNo OneTemporaryActions

D4393.id10778.diffView Options

File Metadata

Event Timeline

D4393.id10778.diff
No OneTemporary
Actions

D4393.id10778.diff
View Options