| Field | Value |
|---|---|
| Summary | [patch] openssl - fix regression from CVE-2014-0224 - "ccs received early" |
| Product | Base System |
| Reporter | Andrew Daugherity <andrew.daugherity> |
| Component | bin |
| Assignee | FreeBSD Release Engineering <re> |
| Status | Closed FIXED |
| Severity | Affects Many People |
| CC | benl, delphij, jkim |
| Priority | --- |
| Keywords | patch, regression |
| Version | 8.4-RELEASE |
| Hardware | Any |
| OS | Any |
| Attachments | (none) |
Description

Andrew Daugherity, 2014-07-11 01:25:37 UTC

Pasting in lost comments from the mailing list archives. It seems I do not have permissions to add the people to CC that Xin LI did in #2, so if someone can redo that, it would be appreciated. FYI, I browsed the openssl patch that just dropped (FreeBSD-SA-15:01.openssl) and it appears to be unrelated to this issue (aside from making me buildworld yet again).

========

--- Comment #1 from Andrew Daugherity <andrew.daugherity at gmail.com> ---

This bug still needs attention -- I have to rebuild libssl locally (with this patch) after each openssl advisory. For releng/10.1 it was fixed with the import of openssl 1.0.1i in r269686. It has not been fixed for releng/10.0, 9.3, or 8.4 (or 9.1/9.2, but those have fallen out of support).

Can someone please add the 'patch' and 'regression' keywords (or whatever is appropriate -- I apparently can't set them myself) so the appropriate people see it and the patch can be reviewed/committed? Thanks!

Xin LI <delphij at FreeBSD.org> changed:

| What | Removed | Added |
|---|---|---|
| CC | | benl at FreeBSD.org, delphij at FreeBSD.org, jkim at FreeBSD.org |

--- Comment #2 from Xin LI <delphij at FreeBSD.org> ---

(In reply to Andrew Daugherity from comment #1)

The change was superseded later by commit e94a6c0 [1], which looks like it needs to be ported, too? Adding OpenSSL maintainers for their opinion as well.

[1] https://github.com/openssl/openssl/commit/e94a6c0ede623960728415b68650a595e48f5a43

--- Comment #3 from Andrew Daugherity <andrew.daugherity at gmail.com> ---

(In reply to Xin LI from comment #2)

Interestingly, that fix was not committed to the upstream OpenSSL_0_9_8-stable branch. No idea if that's an oversight or intentional. If it was correctly omitted, then only FreeBSD 10.x would need the extra fix, as 8.x and 9.x track 0.9.8 and would only need the original one-line patch.

========

This should have been resolved by FreeBSD-EN-15:02.openssl.

Yes, as FreeBSD-EN-15:02.openssl pulled in new versions of OpenSSL wholesale, which included this commit, it should. I have successfully tested it on 8.4. My apologies, I had meant to update this bug afterwards but it slipped my mind.