authorghen <ghen@pkgsrc.org>2007-10-22 08:47:22 +0000
committerghen <ghen@pkgsrc.org>2007-10-22 08:47:22 +0000
commit7c72e75bcafc159f91127fe911f49348d9ea4c69 (patch)
tree737639f12e9ad900d6f32768fd53401651ba34fc
parent31006965e5bf84be18cf0a1e120168b1829ba0db (diff)
Pullup ticket 2209 - requested by adrianp
security fix for openssl - pkgsrc/security/openssl/Makefile 1.128 - pkgsrc/security/openssl/distinfo 1.56 - pkgsrc/security/openssl/patches/patch-ao 1.2 Module Name: pkgsrc Committed By: adrianp Date: Sun Oct 21 17:52:53 UTC 2007 Modified Files: pkgsrc/security/openssl: Makefile distinfo pkgsrc/security/openssl/patches: patch-ao Log Message: Full and proper fix for CVE-2007-5135 PKGREVISION++
-rw-r--r--security/openssl/Makefile4
-rw-r--r--security/openssl/distinfo4
-rw-r--r--security/openssl/patches/patch-ao54
3 files changed, 48 insertions, 14 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index f6c96c77a5a..57b3a05591b 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.127 2007/08/04 14:29:43 tnn Exp $
+# $NetBSD: Makefile,v 1.127.2.1 2007/10/22 08:47:22 ghen Exp $
OPENSSL_SNAPSHOT?= # empty
OPENSSL_STABLE?= # empty
@@ -24,7 +24,7 @@ MASTER_SITES= ftp://ftp.openssl.org/snapshot/
. endif
.endif
-PKGREVISION= 4
+PKGREVISION= 5
SVR4_PKGNAME= ossl
CATEGORIES= security
MAINTAINER= pkgsrc-users@NetBSD.org
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index dde5511b061..350967f4f56 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.55 2007/08/04 14:29:43 tnn Exp $
+$NetBSD: distinfo,v 1.55.2.1 2007/10/22 08:47:23 ghen Exp $
SHA1 (openssl-0.9.7i.tar.gz) = 4c23925744d43272fa19615454da44e01465eb06
RMD160 (openssl-0.9.7i.tar.gz) = 0dce52c5793a0c37f17b620f7d26bbf9e4fcf755
@@ -14,7 +14,7 @@ SHA1 (patch-ak) = 7f9960a97cbe83c381c2a4565ca3a6e4e661bf54
SHA1 (patch-al) = 64fd0be6adf30821b4c4bba3c9088c6dcbff3ba7
SHA1 (patch-am) = 209aad896f976e5acc9bf66f5e3fdf6193d2ff3d
SHA1 (patch-an) = c38cf54341ae5b770f984859c1a3bf6df41e0532
-SHA1 (patch-ao) = 834860d35eaa1211db664346a362822114bd16ef
+SHA1 (patch-ao) = 625c6379b38769b639bc7f87ccb0d23c651bf5eb
SHA1 (patch-ap) = 9473b8e69b71864baab3d38ee3de90e7027b1b0b
SHA1 (patch-aq) = 68704a8048f7eea3744ae5e04dda09c676762923
SHA1 (patch-ar) = 575be597244eb04576651d7b0276604d51fa7464
diff --git a/security/openssl/patches/patch-ao b/security/openssl/patches/patch-ao
index 0b53ba7001a..957a0e527d6 100644
--- a/security/openssl/patches/patch-ao
+++ b/security/openssl/patches/patch-ao
@@ -1,15 +1,49 @@
-$NetBSD: patch-ao,v 1.1 2006/09/30 04:20:24 taca Exp $
+$NetBSD: patch-ao,v 1.1.10.1 2007/10/22 08:47:23 ghen Exp $
-# http://secunia.com/advisories/22130/
+# CVE-2007-5135
---- ssl/ssl_lib.c.orig 2005-06-11 05:00:39.000000000 +0900
+--- ssl/ssl_lib.c.orig 2005-06-10 21:00:39.000000000 +0100
+++ ssl/ssl_lib.c
-@@ -1187,7 +1187,7 @@ char *SSL_get_shared_ciphers(const SSL *
+@@ -1169,7 +1169,6 @@ int SSL_set_cipher_list(SSL *s,const cha
+ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
+ {
+ char *p;
+- const char *cp;
+ STACK_OF(SSL_CIPHER) *sk;
+ SSL_CIPHER *c;
+ int i;
+@@ -1182,20 +1181,21 @@ char *SSL_get_shared_ciphers(const SSL *
+ sk=s->session->ciphers;
+ for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
+ {
+- /* Decrement for either the ':' or a '\0' */
+- len--;
++ int n;
++
c=sk_SSL_CIPHER_value(sk,i);
- for (cp=c->name; *cp; )
- {
+- for (cp=c->name; *cp; )
+- {
- if (len-- == 0)
-+ if (len-- <= 0)
- {
- *p='\0';
- return(buf);
+- {
+- *p='\0';
+- return(buf);
+- }
+- else
+- *(p++)= *(cp++);
+- }
+- *(p++)=':';
++ n=strlen(c->name);
++ if (n+1 > len)
++ {
++ if (p != buf)
++ --p;
++ *p='\0';
++ return buf;
++ }
++ strcpy(p,c->name);
++ p+=n;
++ *(p++)=':';
++ len-=n+1;
+ }
+ p[-1]='\0';
+ return(buf);
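Review bot: The closing `p[-1]='\0';` in the patched SSL_get_shared_ciphers() writes one byte before `buf` if the loop body never runs, because `p` still equals `buf` at that point. Nothing visible in this hunk rejects an empty `s->session->ciphers` stack, so unless a guard outside the hunk does, the rewrite leaves that out-of-bounds write in place. The new truncation branch already handles the `p == buf` case, and the tail could reuse the same form in place of `p[-1]='\0';`: `if (p != buf) --p;` followed by `*p='\0';`. Separately, `n=strlen(c->name);` narrows a size_t into an int before the `n+1 > len` comparison; a one-line comment such as `/* cipher names are short library constants, so n fits in int */` would record why that is acceptable, if that assumption holds. The function's initial argument checks and its closing brace lie outside the hunk.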