author | sbd <sbd@pkgsrc.org> | 2011-02-11 04:26:39 +0000 |
---|---|---|
committer | sbd <sbd@pkgsrc.org> | 2011-02-11 04:26:39 +0000 |
commit | 9af093c0846372251cd9bdbfef5bcda741fc2391 (patch) | |
tree | 0fbc30315624100e21d7610ffbed87bcf7e32716 | |
parent | 8f2a61813ed886da0d4a903b4754217f25bd1e72 (diff) | |
download | pkgsrc-9af093c0846372251cd9bdbfef5bcda741fc2391.tar.gz |
Pullup ticket #3347 - requested by taca
security/openssl security fix
Revisions pulled up:
- pkgsrc/security/openssl/Makefile 1.154
- pkgsrc/security/openssl/distinfo 1.80
- pkgsrc/security/openssl/patches/patch-ssl_t1__lib.c 1.1
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Feb 9 00:15:30 UTC 2011
Modified Files:
pkgsrc/security/openssl: Makefile distinfo
Added Files:
pkgsrc/security/openssl/patches: patch-ssl_t1__lib.c
Log Message:
Add fix for security issue CVE-2011-0014.
Bump PKGREVISION.
-rw-r--r-- | security/openssl/Makefile | 3 | ||||
-rw-r--r-- | security/openssl/distinfo | 3 | ||||
-rw-r--r-- | security/openssl/patches/patch-ssl_t1__lib.c | 30 |
3 files changed, 34 insertions, 2 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile index 7012e37497f..b97e782afb2 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.153 2010/12/03 00:17:21 taca Exp $ +# $NetBSD: Makefile,v 1.153.2.1 2011/02/11 04:26:39 sbd Exp $ OPENSSL_SNAPSHOT?= # empty OPENSSL_STABLE?= # empty @@ -22,6 +22,7 @@ MASTER_SITES= ftp://ftp.openssl.org/snapshot/ .endif SVR4_PKGNAME= ossl +PKGREVISION= 1 CATEGORIES= security MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://www.openssl.org/ diff --git a/security/openssl/distinfo b/security/openssl/distinfo index 4aab2e72202..b783a6e1586 100644 --- a/security/openssl/distinfo +++ b/security/openssl/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.79 2010/12/03 00:17:21 taca Exp $ +$NetBSD: distinfo,v 1.79.2.1 2011/02/11 04:26:39 sbd Exp $ SHA1 (openssl-0.9.8q.tar.gz) = 12b6859698ca299fa0cba594686c25d5c01e410d RMD160 (openssl-0.9.8q.tar.gz) = 2a6583fc059f83232b16d0dad8855fc8086f2450 @@ -11,3 +11,4 @@ SHA1 (patch-af) = 2610930b6b06397fa2e3955b3244c02193f5b7a6 SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8 SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0 SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302 +SHA1 (patch-ssl_t1__lib.c) = 0ec0cfd2c70c7d35c2bb1c6261d5817ea56941aa diff --git a/security/openssl/patches/patch-ssl_t1__lib.c b/security/openssl/patches/patch-ssl_t1__lib.c new file mode 100644 index 00000000000..0f0adf6a5ea --- /dev/null +++ b/security/openssl/patches/patch-ssl_t1__lib.c 
@@ -0,0 +1,30 @@
+$NetBSD: patch-ssl_t1__lib.c,v 1.1.2.2 2011/02/11 04:26:39 sbd Exp $
+
+Fix for security issue CVE-2011-0014.
+
+--- ssl/t1_lib.c.orig 2010-11-16 14:26:18.000000000 +0000
++++ ssl/t1_lib.c
+@@ -521,6 +521,7 @@ int ssl_parse_clienthello_tlsext(SSL *s,
+ }
+ n2s(data, idsize);
+ dsize -= 2 + idsize;
++ size -= 2 + idsize;
+ if (dsize < 0)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+@@ -559,9 +560,14 @@ int ssl_parse_clienthello_tlsext(SSL *s,
+ }
+
+ /* Read in request_extensions */
++ if (size < 2)
++ {
++ *al = SSL_AD_DECODE_ERROR;
++ return 0;
++ }
+ n2s(data,dsize);
+ size -= 2;
+- if (dsize > size)
++ if (dsize != size)
+ {
+ *al = SSL_AD_DECODE_ERROR;
+ return 0; |
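Review bot: The patch header says only "Fix for security issue CVE-2011-0014" and neither inner hunk carries a comment, so whoever next updates the package cannot tell what the three changes protect without re-deriving it. I would expand the header to something like `Keep size in step with the bytes consumed by the responder ID list, and require the request_extensions length to match what is left of the extension`. The visible lines show that `size` was previously not reduced inside the ID loop, so the later `dsize > size` test compared against a stale remaining count. The new guards (`dsize < 0`, `size < 2`) only work if `size` and `dsize` are signed; their declarations are outside the hunks, as are the start and end of ssl_parse_clienthello_tlsext(), so that should be confirmed against the full function. The header should also name the upstream change this was taken from, so the patch can be dropped once the package moves to a release that already contains it.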