Bug 198681

Summary: [PATCH] security/libressl: backport CVE-2015-0209 & -0288
Product: Ports & Packages Reporter: Bernard Spil <brnrd>
Component: Individual Port(s)Assignee: Vsevolod Stakhov <vsevolod>
Status: Closed FIXED    
Severity: Affects Some People CC: vsevolod
Priority: --- Keywords: needs-patch, patch
Version: LatestFlags: bugzilla: maintainer-feedback? (vsevolod)
Hardware: Any   
OS: Any   
Attachments:
Description Flags
svn diff for security/libressl
none
svn diff for security/libressl
none
Poudriere testport log of security/libressl
none
svn diff for security/libressl
none
Poudriere build log of security/libressl
none
svn diff for security/libressl
none
Build log of security/libressl none

Description Bernard Spil freebsd_committer freebsd_triage 2015-03-18 11:33:23 UTC
Created attachment 154472 [details]
svn diff for security/libressl

Backport of 2 of the 3 "Low" vulnerabilities from tomorrow's to be announced OpenSSL sec vulns.

The originator of the High vuln indicated that LibreSSL doesn't seem to be affected, that leaves 3 medium vulns to analyze/fix.
Comment 1 Bernard Spil freebsd_committer freebsd_triage 2015-03-18 11:35:12 UTC
Created attachment 154473 [details]
svn diff for security/libressl
Comment 2 Vsevolod Stakhov freebsd_committer freebsd_triage 2015-03-18 11:36:28 UTC
Could you please add the entry to the vulnxml port?
Comment 3 Bernard Spil freebsd_committer freebsd_triage 2015-03-18 11:42:33 UTC
Created attachment 154474 [details]
Poudriere testport log of security/libressl
Comment 5 Bernard Spil freebsd_committer freebsd_triage 2015-03-18 13:31:26 UTC
Created attachment 154477 [details]
svn diff for security/libressl

Revised patch... According to upstream "most important part missing"
Comment 6 Bernard Spil freebsd_committer freebsd_triage 2015-03-18 13:35:52 UTC
Created attachment 154478 [details]
Poudriere build log of security/libressl
Comment 7 Kubilay Kocak freebsd_committer freebsd_triage 2015-03-18 13:52:00 UTC
Bernard, regarding the requested security/vuxml entry, don't hesitate to ask for assistance from #bsddocs or #bsdports folk.

You can find more info on the format here:

http://www2.au.freebsd.org/doc/en_US.ISO8859-1/books/porters-handbook/book.html#security-notify
Comment 8 Bernard Spil freebsd_committer freebsd_triage 2015-03-19 15:19:33 UTC
Created attachment 154518 [details]
svn diff for security/libressl

Now contains complete patch from GithUb for

CVE reference Description Severity
CVE-2015-0207 Segmentation fault in DTLSv1_listen moderate
CVE-2015-0209 Use After Free following d2i_ECPrivatekey error low
CVE-2015-0286 Segmentation fault in ASN1_TYPE_cmp moderate
CVE-2015-0287 ASN.1 structure reuse memory corruption moderate
CVE-2015-0289 PKCS7 NULL pointer dereferences moderate
Comment 9 Bernard Spil freebsd_committer freebsd_triage 2015-03-19 15:20:04 UTC
Created attachment 154519 [details]
Build log of security/libressl

With the patches applied
Comment 10 commit-hook freebsd_committer freebsd_triage 2015-03-19 15:30:47 UTC
A commit references this bug:

Author: vsevolod
Date: Thu Mar 19 15:30:30 UTC 2015
New revision: 381603
URL: https://svnweb.freebsd.org/changeset/ports/381603

Log:
  - Backport the following fixes from openssl [1]:
  CVE-2015-0207 Segmentation fault in DTLSv1_listen moderate
  CVE-2015-0209 Use After Free following d2i_ECPrivatekey error low
  CVE-2015-0286 Segmentation fault in ASN1_TYPE_cmp moderate
  CVE-2015-0287 ASN.1 structure reuse memory corruption moderate
  CVE-2015-0289 PKCS7 NULL pointer dereferences moderate
  - Enable libtls component [2]
  - Bump portrevision

  PR:		198681 [1]
  Submitted by:	Bernard Spil <spil.oss at gmail.com> [1], naddy [2]

Changes:
  head/security/libressl/Makefile
  head/security/libressl/pkg-plist
  head/security/libressl/security/
  head/security/libressl/security/libressl/
  head/security/libressl/security/libressl/files/
  head/security/libressl/security/libressl/files/patch-crypto_asn1_a__int.c
  head/security/libressl/security/libressl/files/patch-crypto_asn1_a__set.c
  head/security/libressl/security/libressl/files/patch-crypto_asn1_a__type.c
  head/security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pr.c
  head/security/libressl/security/libressl/files/patch-crypto_asn1_d2i__pu.c
  head/security/libressl/security/libressl/files/patch-crypto_asn1_n__pkey.c
  head/security/libressl/security/libressl/files/patch-crypto_asn1_tasn__dec.c
  head/security/libressl/security/libressl/files/patch-crypto_asn1_x__x509.c
  head/security/libressl/security/libressl/files/patch-crypto_ec_ec__asn1.c
  head/security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__doit.c
  head/security/libressl/security/libressl/files/patch-crypto_pkcs7_pk7__lib.c
  head/security/libressl/security/libressl/files/patch-ssl_d1__lib.c
Comment 11 Vsevolod Stakhov freebsd_committer freebsd_triage 2015-03-19 15:31:55 UTC
I've committed this patch but I'll still appreciate if you could update vulnxml entry accordingly.