From c72daed94b8c9872ce0dd419ecb4d24a635dc688 Mon Sep 17 00:00:00 2001 From: gordon Date: Sat, 9 Dec 2017 03:45:23 +0000 Subject: [PATCH] Fix error state handling Approved by: so Security: CVE-2017-3737 Security: FreeBSD-SA-17:12.openssl git-svn-id: svn://svn.freebsd.org/base/releng/10.3@326723 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f --- UPDATING | 6 +++++- crypto/openssl/ssl/ssl.h | 2 +- sys/conf/newvers.sh | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/UPDATING b/UPDATING index 1641f6137..7f1e11bd4 100644 --- a/UPDATING +++ b/UPDATING @@ -1,5 +1,5 @@ Updating Information for FreeBSD current users - +2 This file is maintained and copyrighted by M. Warner Losh . See end of file for further details. For commonly done items, please see the COMMON ITEMS: section later in the file. These instructions assume that you @@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20171209 p26 FreeBSD-SA-17:12.openssl + + Fix OpenSSL error state vulnerability. + 20171129 p25 FreeBSD-SA-17:11.openssl Fix OpenSSL out-of-bounds read vulnerability. diff --git a/crypto/openssl/ssl/ssl.h b/crypto/openssl/ssl/ssl.h index b78d954ac..40253b229 100644 --- a/crypto/openssl/ssl/ssl.h +++ b/crypto/openssl/ssl/ssl.h @@ -1544,7 +1544,7 @@ extern "C" { # define SSL_ST_BEFORE 0x4000 # define SSL_ST_OK 0x03 # define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT) -# define SSL_ST_ERR 0x05 +# define SSL_ST_ERR (0x05|SSL_ST_INIT) # define SSL_CB_LOOP 0x01 # define SSL_CB_EXIT 0x02 diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh index 9ae8f15ec..ea4ab58c1 100644 --- a/sys/conf/newvers.sh +++ b/sys/conf/newvers.sh @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.3" -BRANCH="RELEASE-p25" +BRANCH="RELEASE-p26" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi -- 2.42.0