authorBernard Spil <brnrd@FreeBSD.org>2021-03-20 18:35:47 +0000
committerBernard Spil <brnrd@FreeBSD.org>2021-03-20 18:35:47 +0000
commiteb381cdfd63c273c5bf53d7a9f9bc73e671cab71 (patch)
tree0750297c2a990c83dada6606f59db95892393384 /security/libressl
parent5821236f05fd5d79ab26663dd1b40207e6f81b7a (diff)
security/libressl: Security update to 3.2.5
Security: eeca52dc-866c-11eb-b8d6-d4c9ef517024
Notes
Notes: svn path=/head/; revision=568878
Diffstat (limited to 'security/libressl')
-rw-r--r--security/libressl/Makefile3
-rw-r--r--security/libressl/distinfo6
-rw-r--r--security/libressl/files/patch-OpenBSD-Errata-6.8-1774
3 files changed, 4 insertions, 79 deletions
diff --git a/security/libressl/Makefile b/security/libressl/Makefile
index da6d7db18a34..925dd3e90fc9 100644
--- a/security/libressl/Makefile
+++ b/security/libressl/Makefile
@@ -2,8 +2,7 @@
# $FreeBSD$
PORTNAME= libressl
-PORTVERSION= 3.2.4
-PORTREVISION= 1
+PORTVERSION= 3.2.5
CATEGORIES= security devel
MASTER_SITES= OPENBSD/LibreSSL
diff --git a/security/libressl/distinfo b/security/libressl/distinfo
index 6c76bcf7b32d..e653239e2a1c 100644
--- a/security/libressl/distinfo
+++ b/security/libressl/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1613210493
-SHA256 (libressl-3.2.4.tar.gz) = ac1dbb9e05a64910856599b1ac61118fdec1b3d0c700e42444d81c0d5f507a5a
-SIZE (libressl-3.2.4.tar.gz) = 3841822
+TIMESTAMP = 1616151929
+SHA256 (libressl-3.2.5.tar.gz) = 798a65fd61d385e09d559810cdfa46512f8def5919264cfef241a7b086ce7cfe
+SIZE (libressl-3.2.5.tar.gz) = 3842149
diff --git a/security/libressl/files/patch-OpenBSD-Errata-6.8-17 b/security/libressl/files/patch-OpenBSD-Errata-6.8-17
deleted file mode 100644
index b22fbdcc3a6a..000000000000
--- a/security/libressl/files/patch-OpenBSD-Errata-6.8-17
+++ /dev/null
@@ -1,74 +0,0 @@
-OpenBSD 6.8 errata 017, March 12, 2021:
-
-A TLS client using session resumption may cause a use-after-free.
-
-Apply by doing:
- signify -Vep /etc/signify/openbsd-68-base.pub -x 017_libssl.patch.sig \
- -m - | (cd /usr/src && patch -p0)
-
-And then rebuild and install libssl and unwind:
- cd /usr/src/lib/libssl
- make obj
- make
- make install
- cd /usr/src/sbin/unwind
- make obj
- make
- make install
-
-Index: lib/libssl/s3_lib.c
-===================================================================
-RCS file: /home/cvs/src/lib/libssl/s3_lib.c,v
-retrieving revision 1.198
-diff -u -p -r1.198 s3_lib.c
---- ssl/s3_lib.c 17 Sep 2020 15:42:14 -0000 1.198
-+++ ssl/s3_lib.c 9 Mar 2021 18:50:53 -0000
-@@ -1577,6 +1577,10 @@ ssl3_free(SSL *s)
-
- free(S3I(s)->alpn_selected);
-
-+ /* Clear reference to sequence numbers. */
-+ tls12_record_layer_clear_read_state(s->internal->rl);
-+ tls12_record_layer_clear_write_state(s->internal->rl);
-+
- freezero(S3I(s), sizeof(*S3I(s)));
- freezero(s->s3, sizeof(*s->s3));
-
-@@ -1648,6 +1652,11 @@ ssl3_clear(SSL *s)
-
- s->internal->packet_length = 0;
- s->version = TLS1_VERSION;
-+
-+ tls12_record_layer_set_read_seq_num(s->internal->rl,
-+ S3I(s)->read_sequence);
-+ tls12_record_layer_set_write_seq_num(s->internal->rl,
-+ S3I(s)->write_sequence);
-
- S3I(s)->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
- }
-Index: lib/libssl/ssl_lib.c
-===================================================================
-RCS file: /home/cvs/src/lib/libssl/ssl_lib.c,v
-retrieving revision 1.234.4.1
-diff -u -p -r1.234.4.1 ssl_lib.c
---- ssl/ssl_lib.c 3 Feb 2021 07:06:13 -0000 1.234.4.1
-+++ ssl/ssl_lib.c 9 Mar 2021 18:50:53 -0000
-@@ -253,6 +253,8 @@ SSL_new(SSL_CTX *ctx)
- goto err;
- if ((s->internal = calloc(1, sizeof(*s->internal))) == NULL)
- goto err;
-+ if ((s->internal->rl = tls12_record_layer_new()) == NULL)
-+ goto err;
-
- s->internal->min_version = ctx->internal->min_version;
- s->internal->max_version = ctx->internal->max_version;
-@@ -339,9 +341,6 @@ SSL_new(SSL_CTX *ctx)
- s->method = ctx->method;
-
- if (!s->method->internal->ssl_new(s))
-- goto err;
--
-- if ((s->internal->rl = tls12_record_layer_new()) == NULL)
- goto err;
-
- s->references = 1;