From 7c72e75bcafc159f91127fe911f49348d9ea4c69 Mon Sep 17 00:00:00 2001 From: ghen Date: Mon, 22 Oct 2007 08:47:22 +0000 Subject: Pullup ticket 2209 - requested by adrianp security fix for openssl - pkgsrc/security/openssl/Makefile 1.128 - pkgsrc/security/openssl/distinfo 1.56 - pkgsrc/security/openssl/patches/patch-ao 1.2 Module Name: pkgsrc Committed By: adrianp Date: Sun Oct 21 17:52:53 UTC 2007 Modified Files: pkgsrc/security/openssl: Makefile distinfo pkgsrc/security/openssl/patches: patch-ao Log Message: Full and proper fix for CVE-2007-5135 PKGREVISION++ --- security/openssl/Makefile | 4 +-- security/openssl/distinfo | 4 +-- security/openssl/patches/patch-ao | 54 +++++++++++++++++++++++++++++++-------- 3 files changed, 48 insertions(+), 14 deletions(-) (limited to 'security') diff --git a/security/openssl/Makefile b/security/openssl/Makefile index f6c96c77a5a..57b3a05591b 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.127 2007/08/04 14:29:43 tnn Exp $ +# $NetBSD: Makefile,v 1.127.2.1 2007/10/22 08:47:22 ghen Exp $ OPENSSL_SNAPSHOT?= # empty OPENSSL_STABLE?= # empty @@ -24,7 +24,7 @@ MASTER_SITES= ftp://ftp.openssl.org/snapshot/ . endif .endif -PKGREVISION= 4 +PKGREVISION= 5 SVR4_PKGNAME= ossl CATEGORIES= security MAINTAINER= pkgsrc-users@NetBSD.org diff --git a/security/openssl/distinfo b/security/openssl/distinfo index dde5511b061..350967f4f56 100644 --- a/security/openssl/distinfo +++ b/security/openssl/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.55 2007/08/04 14:29:43 tnn Exp $ +$NetBSD: distinfo,v 1.55.2.1 2007/10/22 08:47:23 ghen Exp $ SHA1 (openssl-0.9.7i.tar.gz) = 4c23925744d43272fa19615454da44e01465eb06 RMD160 (openssl-0.9.7i.tar.gz) = 0dce52c5793a0c37f17b620f7d26bbf9e4fcf755 
@@ -14,7 +14,7 @@ SHA1 (patch-ak) = 7f9960a97cbe83c381c2a4565ca3a6e4e661bf54 SHA1 (patch-al) = 64fd0be6adf30821b4c4bba3c9088c6dcbff3ba7 SHA1 (patch-am) = 209aad896f976e5acc9bf66f5e3fdf6193d2ff3d SHA1 (patch-an) = c38cf54341ae5b770f984859c1a3bf6df41e0532 -SHA1 (patch-ao) = 834860d35eaa1211db664346a362822114bd16ef +SHA1 (patch-ao) = 625c6379b38769b639bc7f87ccb0d23c651bf5eb SHA1 (patch-ap) = 9473b8e69b71864baab3d38ee3de90e7027b1b0b SHA1 (patch-aq) = 68704a8048f7eea3744ae5e04dda09c676762923 SHA1 (patch-ar) = 575be597244eb04576651d7b0276604d51fa7464 diff --git a/security/openssl/patches/patch-ao b/security/openssl/patches/patch-ao index 0b53ba7001a..957a0e527d6 100644 --- a/security/openssl/patches/patch-ao +++ b/security/openssl/patches/patch-ao @@ -1,15 +1,49 @@ -$NetBSD: patch-ao,v 1.1 2006/09/30 04:20:24 taca Exp $ +$NetBSD: patch-ao,v 1.1.10.1 2007/10/22 08:47:23 ghen Exp $ -# http://secunia.com/advisories/22130/ +# CVE-2007-5135 ---- ssl/ssl_lib.c.orig 2005-06-11 05:00:39.000000000 +0900 +--- ssl/ssl_lib.c.orig 2005-06-10 21:00:39.000000000 +0100 +++ ssl/ssl_lib.c -@@ -1187,7 +1187,7 @@ char *SSL_get_shared_ciphers(const SSL * +@@ -1169,7 +1169,6 @@ int SSL_set_cipher_list(SSL *s,const cha + char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) + { + char *p; +- const char *cp; + STACK_OF(SSL_CIPHER) *sk; + SSL_CIPHER *c; + int i; +@@ -1182,20 +1181,21 @@ char *SSL_get_shared_ciphers(const SSL * + sk=s->session->ciphers; + for (i=0; iname; *cp; ) - { +- for (cp=c->name; *cp; ) +- { - if (len-- == 0) -+ if (len-- <= 0) - { - *p='\0'; - return(buf); +- { +- *p='\0'; +- return(buf); +- } +- else +- *(p++)= *(cp++); +- } +- *(p++)=':'; ++ n=strlen(c->name); ++ if (n+1 > len) ++ { ++ if (p != buf) ++ --p; ++ *p='\0'; ++ return buf; ++ } ++ strcpy(p,c->name); ++ p+=n; ++ *(p++)=':'; ++ len-=n+1; + } + p[-1]='\0'; + return(buf); -- cgit v1.2.3
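Review bot: The fall-through `p[-1]='\0';` after the loop in the new patch-ao still writes one byte before `buf` when the loop copies no cipher name, because `p` is then still equal to `buf`; the new truncation branch guards this case with `if (p != buf)`, but the normal exit does not. Mirroring that guard, `if (p != buf) --p;` followed by `*p='\0';`, keeps the terminator inside the caller's buffer, provided the length checks at the top of SSL_get_shared_ciphers (outside this hunk) guarantee at least one byte. The loop header is truncated on this page, so whether an empty shared-cipher stack can actually reach this line should be confirmed against the full file. Separately, `n=strlen(c->name)` is compared with the signed `len` in `n+1 > len`; the declaration of `n` is not visible here, and it should have a type for which that comparison cannot wrap or silently convert `len` to unsigned.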