Index: head/security/libressl/files/patch-OpenBSD-Errata-6.8-17
===================================================================
--- head/security/libressl/files/patch-OpenBSD-Errata-6.8-17 (revision 568877)
+++ head/security/libressl/files/patch-OpenBSD-Errata-6.8-17 (nonexistent)
@@ -1,74 +0,0 @@ -OpenBSD 6.8 errata 017, March 12, 2021: - -A TLS client using session resumption may cause a use-after-free. - -Apply by doing: - signify -Vep /etc/signify/openbsd-68-base.pub -x 017_libssl.patch.sig \ - -m - | (cd /usr/src && patch -p0) - -And then rebuild and install libssl and unwind: - cd /usr/src/lib/libssl - make obj - make - make install - cd /usr/src/sbin/unwind - make obj - make - make install - -Index: lib/libssl/s3_lib.c -=================================================================== -RCS file: /home/cvs/src/lib/libssl/s3_lib.c,v -retrieving revision 1.198 -diff -u -p -r1.198 s3_lib.c ---- ssl/s3_lib.c 17 Sep 2020 15:42:14 -0000 1.198 -+++ ssl/s3_lib.c 9 Mar 2021 18:50:53 -0000 -@@ -1577,6 +1577,10 @@ ssl3_free(SSL *s) - - free(S3I(s)->alpn_selected); - -+ /* Clear reference to sequence numbers. */ -+ tls12_record_layer_clear_read_state(s->internal->rl); -+ tls12_record_layer_clear_write_state(s->internal->rl); -+ - freezero(S3I(s), sizeof(*S3I(s))); - freezero(s->s3, sizeof(*s->s3)); - -@@ -1648,6 +1652,11 @@ ssl3_clear(SSL *s) - - s->internal->packet_length = 0; - s->version = TLS1_VERSION; -+ -+ tls12_record_layer_set_read_seq_num(s->internal->rl, -+ S3I(s)->read_sequence); -+ tls12_record_layer_set_write_seq_num(s->internal->rl, -+ S3I(s)->write_sequence); - - S3I(s)->hs.state = SSL_ST_BEFORE|((s->server) ? 
SSL_ST_ACCEPT : SSL_ST_CONNECT); - } -Index: lib/libssl/ssl_lib.c -=================================================================== -RCS file: /home/cvs/src/lib/libssl/ssl_lib.c,v -retrieving revision 1.234.4.1 -diff -u -p -r1.234.4.1 ssl_lib.c ---- ssl/ssl_lib.c 3 Feb 2021 07:06:13 -0000 1.234.4.1 -+++ ssl/ssl_lib.c 9 Mar 2021 18:50:53 -0000 -@@ -253,6 +253,8 @@ SSL_new(SSL_CTX *ctx) - goto err; - if ((s->internal = calloc(1, sizeof(*s->internal))) == NULL) - goto err; -+ if ((s->internal->rl = tls12_record_layer_new()) == NULL) -+ goto err; - - s->internal->min_version = ctx->internal->min_version; - s->internal->max_version = ctx->internal->max_version; -@@ -339,9 +341,6 @@ SSL_new(SSL_CTX *ctx) - s->method = ctx->method; - - if (!s->method->internal->ssl_new(s)) -- goto err; -- -- if ((s->internal->rl = tls12_record_layer_new()) == NULL) - goto err; - - s->references = 1; Property changes on: head/security/libressl/files/patch-OpenBSD-Errata-6.8-17 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/security/libressl/Makefile =================================================================== --- head/security/libressl/Makefile (revision 568877) +++ head/security/libressl/Makefile (revision 568878) 
@@ -1,47 +1,46 @@
 # Created by: Vsevolod Stakhov # $FreeBSD$ PORTNAME= libressl
-PORTVERSION= 3.2.4
-PORTREVISION= 1
+PORTVERSION= 3.2.5
 CATEGORIES= security devel MASTER_SITES= OPENBSD/LibreSSL MAINTAINER= brnrd@FreeBSD.org COMMENT= Free version of the SSL/TLS protocol forked from OpenSSL LICENSE= BSD4CLAUSE LICENSE_FILE= ${WRKSRC}/COPYING CPE_VENDOR= openbsd OPTIONS_DEFINE= MAN3 NC OPTIONS_DEFAULT= MAN3 NC MAN3_DESC= Install API manpages (section 3) NC_DESC= Install TLS-enabled netcat CONFLICTS_INSTALL= libressl-devel-[0-9]* \ openssl-[0-9]* \ openssl-devel-[0-9]* NC_CONFIGURE_ENABLE= nc GNU_CONFIGURE= yes USES= cpe libtool pathfix pkgconfig USE_LDCONFIG= yes OPTIONS_SUB= yes CFLAGS+= -fpic -DPIC -Wl,-rpath,${PREFIX}/lib -Wl,--as-needed LDFLAGS+= -pthread INSTALL_TARGET= install-strip TEST_TARGET= check post-patch-MAN3-off: ${REINPLACE_CMD} -e '/^install-man:/s/install-man3//' \ -e '/$$(MAKE) $$(AM_MAKEFLAGS) install-data-hook/d' \ ${WRKSRC}/man/Makefile.in post-install: ${RM} -r ${STAGEDIR}/${PREFIX}/etc/ssl/cert.pem .include
Index: head/security/libressl/distinfo
===================================================================
--- head/security/libressl/distinfo (revision 568877)
+++ head/security/libressl/distinfo (revision 568878)
@@ -1,3 +1,3 @@
-TIMESTAMP = 1613210493
-SHA256 (libressl-3.2.4.tar.gz) = ac1dbb9e05a64910856599b1ac61118fdec1b3d0c700e42444d81c0d5f507a5a
-SIZE (libressl-3.2.4.tar.gz) = 3841822
+TIMESTAMP = 1616151929
+SHA256 (libressl-3.2.5.tar.gz) = 798a65fd61d385e09d559810cdfa46512f8def5919264cfef241a7b086ce7cfe
+SIZE (libressl-3.2.5.tar.gz) = 3842149