| Index: UPDATING |
| =================================================================== |
| --- UPDATING (版本 311916) |
| +++ UPDATING (版本 314126) |
| @@ -16,6 +16,10 @@ |
| stable/10, and then rebuild without this option. The bootstrap process from |
| older version of current is a bit fragile. |
| |
| +20170223 p17 FreeBSD-SA-17:02.openssl |
| + |
| + Fix OpenSSL RC4_MD5 cipher vulnerability. |
| + |
| 20170111 p16 FreeBSD-SA-17:01.openssh |
| |
| Fix multiple vulnerabilities of OpenSSH. |
| Index: crypto/openssl/crypto/evp/e_rc4_hmac_md5.c |
| =================================================================== |
| --- crypto/openssl/crypto/evp/e_rc4_hmac_md5.c (版本 311916) |
| +++ crypto/openssl/crypto/evp/e_rc4_hmac_md5.c (版本 314126) |
| @@ -267,6 +267,8 @@ |
| len = p[arg - 2] << 8 | p[arg - 1]; |
| |
| if (!ctx->encrypt) { |
| + if (len < MD5_DIGEST_LENGTH) |
| + return -1; |
| len -= MD5_DIGEST_LENGTH; |
| p[arg - 2] = len >> 8; |
| p[arg - 1] = len; |
| Index: sys/conf/newvers.sh |
| =================================================================== |
| --- sys/conf/newvers.sh (版本 311916) |
| +++ sys/conf/newvers.sh (版本 314126) |
| @@ -32,7 +32,7 @@ |
| |
| TYPE="FreeBSD" |
| REVISION="10.3" |
| -BRANCH="RELEASE-p16" |
| +BRANCH="RELEASE-p17" |
| if [ "X${BRANCH_OVERRIDE}" != "X" ]; then |
| BRANCH=${BRANCH_OVERRIDE} |
| fi |