Fix for CVE-2010-2939

3 files changed, 18 insertions, 2 deletions

diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index 61d18feea92..3d28656fe0c 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.150 2010/08/01 05:24:00 obache Exp $
+# $NetBSD: Makefile,v 1.151 2010/10/08 20:04:58 tez Exp $
 
 OPENSSL_SNAPSHOT?=	# empty
 OPENSSL_STABLE?=	# empty
 OPENSSL_VERS?=		0.9.8o
+PKGREVISION=		1
 
 .if empty(OPENSSL_SNAPSHOT)
 DISTNAME=	openssl-${OPENSSL_VERS}
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index bd40254d7ff..8d68e86987a 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.76 2010/08/18 11:20:55 wiz Exp $
+$NetBSD: distinfo,v 1.77 2010/10/08 20:04:58 tez Exp $
 
 SHA1 (openssl-0.9.8o.tar.gz) = 80c73afc7dca790cd26936cb392a4dfd14d4e4d7
 RMD160 (openssl-0.9.8o.tar.gz) = c2e455a17bce59c8a54522ffaa26c3a5cb26b510
@@ -11,3 +11,4 @@ SHA1 (patch-af) = 2610930b6b06397fa2e3955b3244c02193f5b7a6
 SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8
 SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0
 SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302
+SHA1 (patch-bd) = 988316ad0a4e0a369cff600e7ea0ef234e6c1461
diff --git a/security/openssl/patches/patch-bd b/security/openssl/patches/patch-bd
new file mode 100644
index 00000000000..e56a73b2e76
--- /dev/null
+++ b/security/openssl/patches/patch-bd
@@ -0,0 +1,14 @@
+$NetBSD: patch-bd,v 1.1 2010/10/08 20:04:58 tez Exp $
+
+Fix for CVE-2010-2939
+
+--- ssl/s3_clnt.c.orig	2010-10-07 15:13:10.061888900 -0500
++++ ssl/s3_clnt.c	2010-10-07 15:14:30.209139600 -0500
+@@ -1377,6 +1377,7 @@
+ 		s->session->sess_cert->peer_ecdh_tmp=ecdh;
+ 		ecdh=NULL;
+ 		BN_CTX_free(bn_ctx);
++		bn_ctx = NULL;
+ 		EC_POINT_free(srvr_ecpoint);
+ 		srvr_ecpoint = NULL;
+ 		}