10.4/releng-p4.diff - freebsd-patches - Rivoreo Source Code Repositories

 Index: UPDATING
 ===================================================================
 --- UPDATING	(revision 325877)
 +++ UPDATING	(revision 326359)
 @@ -16,6 +16,10 @@
  stable/10, and then rebuild without this option. The bootstrap process from
  older version of current is a bit fragile.

 +20171129	p4	FreeBSD-SA-17:11.openssl
 +
 +	Fix OpenSSL out-of-bounds read vulnerability.
 +
  20171115	p3	FreeBSD-SA-17:08.ptrace
  			FreeBSD-SA-17:09.shm
  			FreeBSD-SA-17:10.kldstat
 Index: crypto/openssl/crypto/x509v3/v3_addr.c
 ===================================================================
 --- crypto/openssl/crypto/x509v3/v3_addr.c	(revision 325877)
 +++ crypto/openssl/crypto/x509v3/v3_addr.c	(revision 326359)
 @@ -130,10 +130,12 @@
   */
  unsigned int v3_addr_get_afi(const IPAddressFamily *f)
  {
 -    return ((f != NULL &&
 -             f->addressFamily != NULL && f->addressFamily->data != NULL)
 -            ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
 -            : 0);
 +    if (f == NULL
 +            || f->addressFamily == NULL
 +            || f->addressFamily->data == NULL
 +            || f->addressFamily->length < 2)
 +        return 0;
 +    return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
  }

  /*
 Index: sys/conf/newvers.sh
 ===================================================================
 --- sys/conf/newvers.sh	(revision 325877)
 +++ sys/conf/newvers.sh	(revision 326359)
 @@ -32,7 +32,7 @@

  TYPE="FreeBSD"
  REVISION="10.4"
 -BRANCH="RELEASE-p3"
 +BRANCH="RELEASE-p4"
  if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
  	BRANCH=${BRANCH_OVERRIDE}
  fi
	Index: UPDATING
	===================================================================
	--- UPDATING (revision 325877)
	+++ UPDATING (revision 326359)
	@@ -16,6 +16,10 @@
	stable/10, and then rebuild without this option. The bootstrap process from
	older version of current is a bit fragile.

	+20171129 p4 FreeBSD-SA-17:11.openssl
	+
	+ Fix OpenSSL out-of-bounds read vulnerability.
	+
	20171115 p3 FreeBSD-SA-17:08.ptrace
	FreeBSD-SA-17:09.shm
	FreeBSD-SA-17:10.kldstat
	Index: crypto/openssl/crypto/x509v3/v3_addr.c
	===================================================================
	--- crypto/openssl/crypto/x509v3/v3_addr.c (revision 325877)
	+++ crypto/openssl/crypto/x509v3/v3_addr.c (revision 326359)
	@@ -130,10 +130,12 @@
	*/
	unsigned int v3_addr_get_afi(const IPAddressFamily *f)
	{
	- return ((f != NULL &&
	- f->addressFamily != NULL && f->addressFamily->data != NULL)
	- ? ((f->addressFamily->data[0] << 8) \| (f->addressFamily->data[1]))
	- : 0);
	+ if (f == NULL
	+ \|\| f->addressFamily == NULL
	+ \|\| f->addressFamily->data == NULL
	+ \|\| f->addressFamily->length < 2)
	+ return 0;
	+ return (f->addressFamily->data[0] << 8) \| f->addressFamily->data[1];
	}

	/*
	Index: sys/conf/newvers.sh
	===================================================================
	--- sys/conf/newvers.sh (revision 325877)
	+++ sys/conf/newvers.sh (revision 326359)
	@@ -32,7 +32,7 @@

	TYPE="FreeBSD"
	REVISION="10.4"
	-BRANCH="RELEASE-p3"
	+BRANCH="RELEASE-p4"
	if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
	BRANCH=${BRANCH_OVERRIDE}
	fi