aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGordon Tetlow <gordon@FreeBSD.org>2017-12-09 03:45:23 +0000
committerGordon Tetlow <gordon@FreeBSD.org>2017-12-09 03:45:23 +0000
commit778b7c0a70931e839ad663ef880a0257a8fe3a80 (patch)
treed23d6df8c86bb6477504b40bc62f7ac38e71aa49
parent743f9810cd12a22018ae29920d325dd9927d78bf (diff)
downloadsrc-778b7c0a70931e839ad663ef880a0257a8fe3a80.tar.gz
src-778b7c0a70931e839ad663ef880a0257a8fe3a80.zip
Fix error state handling
Approved by: so Security: CVE-2017-3737 Security: FreeBSD-SA-17:12.openssl
Notes
Notes: svn path=/releng/10.3/; revision=326723
-rw-r--r--UPDATING6
-rw-r--r--crypto/openssl/ssl/ssl.h2
-rw-r--r--sys/conf/newvers.sh2
3 files changed, 7 insertions, 3 deletions
diff --git a/UPDATING b/UPDATING
index 1641f6137374..7f1e11bd45c8 100644
--- a/UPDATING
+++ b/UPDATING
@@ -1,5 +1,5 @@
Updating Information for FreeBSD current users
-
+2
This file is maintained and copyrighted by M. Warner Losh <imp@freebsd.org>.
See end of file for further details. For commonly done items, please see the
COMMON ITEMS: section later in the file. These instructions assume that you
@@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITHOUT_CLANG to bootstrap to the tip of
stable/10, and then rebuild without this option. The bootstrap process from
older version of current is a bit fragile.
+20171209 p26 FreeBSD-SA-17:12.openssl
+
+ Fix OpenSSL error state vulnerability.
+
20171129 p25 FreeBSD-SA-17:11.openssl
Fix OpenSSL out-of-bounds read vulnerability.
diff --git a/crypto/openssl/ssl/ssl.h b/crypto/openssl/ssl/ssl.h
index b78d954ac6ef..40253b229a65 100644
--- a/crypto/openssl/ssl/ssl.h
+++ b/crypto/openssl/ssl/ssl.h
@@ -1544,7 +1544,7 @@ extern "C" {
# define SSL_ST_BEFORE 0x4000
# define SSL_ST_OK 0x03
# define SSL_ST_RENEGOTIATE (0x04|SSL_ST_INIT)
-# define SSL_ST_ERR 0x05
+# define SSL_ST_ERR (0x05|SSL_ST_INIT)
# define SSL_CB_LOOP 0x01
# define SSL_CB_EXIT 0x02
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index 9ae8f15eca6c..ea4ab58c1e44 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="10.3"
-BRANCH="RELEASE-p25"
+BRANCH="RELEASE-p26"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi