Hi,

Running Poudriere in 11-RELEASE. Libressl fails to build in the quarterly branch.

===> Applying FreeBSD patches for libressl-2.4.5_1
1 out of 2 hunks failed--saving rejects to crypto/x509/x509_vfy.c.rej
=> FreeBSD patch patch-CVE-2017-8301 failed to apply cleanly.
*** Error code 1

Stop.

Make file options:

/usr/jails/poudriere/usr/local/etc/poudriere.d # cat 110amd64-2017Q2-libressl-make.conf
WITH_OPENSSL_PORT= yes
DEFAULT_VERSIONS+=ssl=libressl
OPTIONS_UNSET= GSSAPI_BASE
OPTIONS_SET= GSSAPI_NONE
OPTIONS_UNSET+= GSSAPI

# jexec poudriere uname -a
FreeBSD poudriere 11.0-RELEASE-p8 FreeBSD 11.0-RELEASE-p8 #0: Wed Feb 22 06:12:04 UTC 2017 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
Hi,

I had a look in the lab and the mentioned patch fixes CVE-2017-8301 in Libressl 2.5.X, which is available in Head, but the Libressl version in 2017Q2 is 2.4.5.

Kind regards,
Xavier Garcia
*** This bug has been marked as a duplicate of bug 218988 ***
A commit references this bug:

Author: brnrd
Date: Tue May 2 14:31:54 UTC 2017
New revision: 439948
URL: https://svnweb.freebsd.org/changeset/ports/439948

Log:
  security/libressl: Revert previous commit

   - Big fail on my part, required revert
   - Version 2.4.5 not vulnerable to CVE-2017-8301

  PR: 218988 219005
  Reported by: Xavier Garcia <vi.garcia@gmail.com>
  Reported by: Fabian Keil <fk@fabiankeil.de>
  Approved by: ports-secteam (broken quarterly blanket)

Changes:
  branches/2017Q2/security/libressl/Makefile
  branches/2017Q2/security/libressl/files/patch-CVE-2017-8301
  branches/2017Q2/security/libressl-devel/Makefile
  branches/2017Q2/security/libressl-devel/files/patch-CVE-2017-8301