From 15cd55480d373eff7f6b76c51134698d3186980a Mon Sep 17 00:00:00 2001
From: tez
Date: Fri, 8 Oct 2010 20:04:58 +0000
Subject: Fix for CVE-2010-2939
---
 security/openssl/Makefile | 3 ++-
 security/openssl/distinfo | 3 ++-
 security/openssl/patches/patch-bd | 14 ++++++++++++++
 3 files changed, 18 insertions(+), 2 deletions(-)
 create mode 100644 security/openssl/patches/patch-bd
(limited to 'security/openssl')
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index 61d18feea92..3d28656fe0c 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.150 2010/08/01 05:24:00 obache Exp $
+# $NetBSD: Makefile,v 1.151 2010/10/08 20:04:58 tez Exp $
 OPENSSL_SNAPSHOT?= # empty
 OPENSSL_STABLE?= # empty
 OPENSSL_VERS?= 0.9.8o
+PKGREVISION= 1
 .if empty(OPENSSL_SNAPSHOT)
 DISTNAME= openssl-${OPENSSL_VERS}
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index bd40254d7ff..8d68e86987a 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.76 2010/08/18 11:20:55 wiz Exp $
+$NetBSD: distinfo,v 1.77 2010/10/08 20:04:58 tez Exp $
 SHA1 (openssl-0.9.8o.tar.gz) = 80c73afc7dca790cd26936cb392a4dfd14d4e4d7
 RMD160 (openssl-0.9.8o.tar.gz) = c2e455a17bce59c8a54522ffaa26c3a5cb26b510
@@ -11,3 +11,4 @@ SHA1 (patch-af) = 2610930b6b06397fa2e3955b3244c02193f5b7a6
 SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8
 SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0
 SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302
+SHA1 (patch-bd) = 988316ad0a4e0a369cff600e7ea0ef234e6c1461
diff --git a/security/openssl/patches/patch-bd b/security/openssl/patches/patch-bd
new file mode 100644
index 00000000000..e56a73b2e76
--- /dev/null
+++ b/security/openssl/patches/patch-bd
@@ -0,0 +1,14 @@
+$NetBSD: patch-bd,v 1.1 2010/10/08 20:04:58 tez Exp $
+
+Fix for CVE-2010-2939
+
+--- ssl/s3_clnt.c.orig 2010-10-07 15:13:10.061888900 -0500
++++ ssl/s3_clnt.c 2010-10-07 15:14:30.209139600 -0500
+@@ -1377,6 +1377,7 @@
+ s->session->sess_cert->peer_ecdh_tmp=ecdh;
+ ecdh=NULL;
+ BN_CTX_free(bn_ctx);
++ bn_ctx = NULL;
+ EC_POINT_free(srvr_ecpoint);
+ srvr_ecpoint = NULL;
+ }
-- cgit v1.2.3
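Review bot: The new `bn_ctx = NULL;` after `BN_CTX_free(bn_ctx);` in ssl/s3_clnt.c has no comment saying why the pointer is cleared, and the patch-bd header says only "Fix for CVE-2010-2939" without naming the defect or where the change came from. The neighbouring lines clear `ecdh` and `srvr_ecpoint` in the same way, which suggests a later cleanup path in the function releases all three, but that path and the rest of the function lie outside the hunk, so this is inferred. I would add `/* cleared so a later cleanup path cannot free bn_ctx a second time */` above the new line, and extend the patch-bd header with one sentence stating the defect class and the upstream reference (`<upstream commit or advisory>`). It is also worth checking in the full function that no other branch frees `bn_ctx` and leaves the stale pointer in place.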