Index: branches/2017Q1/security/libressl-devel/Makefile =================================================================== --- branches/2017Q1/security/libressl-devel/Makefile (revision 431206) +++ branches/2017Q1/security/libressl-devel/Makefile (revision 431207) @@ -1,47 +1,48 @@ # Created by: Bernard Spil # $FreeBSD$ PORTNAME= libressl PORTVERSION= 2.5.0 +PORTREVISION= 1 CATEGORIES= security devel MASTER_SITES= OPENBSD/LibreSSL PKGNAMESUFFIX= -devel MAINTAINER= brnrd@FreeBSD.org COMMENT= Free version of the SSL/TLS protocol forked from OpenSSL LICENSE= BSD4CLAUSE LICENSE_FILE= ${WRKSRC}/COPYING CPE_VENDOR= openbsd OPTIONS_DEFINE= MAN3 NC OPTIONS_DEFAULT= MAN3 NC MAN3_DESC= Install API manpages (section 3) NC_DESC= Install TLS-enabled netcat CONFLICTS_INSTALL= libressl-[0-9]* \ openssl-[0-9]* \ openssl-devel-[0-9]* GNU_CONFIGURE= yes USES= cpe libtool pathfix pkgconfig USE_LDCONFIG= yes OPTIONS_SUB= yes CFLAGS+= -fpic -DPIC INSTALL_TARGET= install-strip TEST_TARGET= check post-install: ${RM} -r ${STAGEDIR}/${PREFIX}/etc/ssl/cert.pem post-install-NC-on: ${INSTALL_PROGRAM} ${WRKSRC}/apps/nc/.libs/nc ${STAGEDIR}/${PREFIX}/bin/nc ${INSTALL_MAN} ${WRKSRC}/apps/nc/nc.1 ${STAGEDIR}/${PREFIX}/man/man1/nc.1 post-install-MAN3-off: ${RM} -r ${STAGEDIR}/${PREFIX}/man/man3 ${REINPLACE_CMD} -e '/^man\/man3/d' ${TMPPLIST} .include Index: branches/2017Q1/security/libressl-devel/files/patch-CVE-2016-7056 =================================================================== --- branches/2017Q1/security/libressl-devel/files/patch-CVE-2016-7056 (nonexistent) +++ branches/2017Q1/security/libressl-devel/files/patch-CVE-2016-7056 (revision 431207) @@ -0,0 +1,33 @@ +From 3585681bd8ac343b7c357a932c9577988bca86b0 Mon Sep 17 00:00:00 2001 +From: jsing <> +Date: Thu, 5 Jan 2017 13:25:52 +0000 +Subject: [PATCH] Avoid a side-channel cache-timing attack that can leak the + ECDSA private keys when signing. This is due to BN_mod_inverse() being used + without the constant time flag being set. + +This issue was reported by Cesar Pereida Garcia and Billy Brumley +(Tampere University of Technology). The fix was developed by Cesar Pereida +Garcia. +--- + src/lib/libcrypto/ecdsa/ecs_ossl.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/lib/libcrypto/ecdsa/ecs_ossl.c b/src/lib/libcrypto/ecdsa/ecs_ossl.c +index b03b1fb..9e23b88 100644 +--- crypto/ecdsa/ecs_ossl.c ++++ crypto/ecdsa/ecs_ossl.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: ecs_ossl.c,v 1.5 2014/07/12 16:03:37 miod Exp $ */ ++/* $OpenBSD: ecs_ossl.c,v 1.6 2015/02/08 13:35:07 jsing Exp $ */ + /* + * Written by Nils Larsch for the OpenSSL project + */ +@@ -142,6 +142,8 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) + if (!BN_add(k, k, order)) + goto err; + ++ BN_set_flags(k, BN_FLG_CONSTTIME); ++ + /* compute r the x-coordinate of generator * k */ + if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { + ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB); Property changes on: branches/2017Q1/security/libressl-devel/files/patch-CVE-2016-7056 ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2017Q1 =================================================================== --- branches/2017Q1 (revision 431206) +++ branches/2017Q1 (revision 431207) Property changes on: branches/2017Q1 ___________________________________________________________________ Modified: svn:mergeinfo ## -0,0 +0,1 ## Merged /head:r431176