From b87d51e229ece7032246899511e862ad3f5d734f Mon Sep 17 00:00:00 2001
From: taca
Date: Fri, 26 Mar 2010 00:20:49 +0000
Subject: Add a patch for Fix for CVE-2010-0740, DoS problem.
http://www.openssl.org/news/secadv_20100324.txt
Bump PKGREVISION.
---
 security/openssl/Makefile | 4 ++--
 security/openssl/distinfo | 3 ++-
 security/openssl/patches/patch-bc | 19 +++++++++++++++++++
 3 files changed, 23 insertions(+), 3 deletions(-)
 create mode 100644 security/openssl/patches/patch-bc
(limited to 'security')
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index c7ea341eedb..97469d43fbe 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.145 2010/03/01 08:15:40 taca Exp $
+# $NetBSD: Makefile,v 1.146 2010/03/26 00:20:49 taca Exp $
 OPENSSL_SNAPSHOT?= # empty
 OPENSSL_STABLE?= # empty
 OPENSSL_VERS?= 0.9.8m
-PKGREVISION= 1
+PKGREVISION= 2
 .if empty(OPENSSL_SNAPSHOT)
 DISTNAME= openssl-${OPENSSL_VERS}
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index 9483eef609b..1e1681a6c45 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.72 2010/02/26 03:15:13 taca Exp $
+$NetBSD: distinfo,v 1.73 2010/03/26 00:20:49 taca Exp $
 SHA1 (openssl-0.9.8m.tar.gz) = 2511c709a47f34d5fa6cd1a1c9cb1699bdffa912
 RMD160 (openssl-0.9.8m.tar.gz) = 0296af151993008526b4f2b3a6810e20c4ad3759
@@ -11,3 +11,4 @@ SHA1 (patch-af) = 2610930b6b06397fa2e3955b3244c02193f5b7a6
 SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8
 SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0
 SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302
+SHA1 (patch-bc) = 9200ae3c86fb5c278c9692441555faa4c51afb30
diff --git a/security/openssl/patches/patch-bc b/security/openssl/patches/patch-bc
new file mode 100644
index 00000000000..d150c8acb7c
--- /dev/null
+++ b/security/openssl/patches/patch-bc
@@ -0,0 +1,19 @@
+$NetBSD: patch-bc,v 1.1 2010/03/26 00:20:49 taca Exp $
+
+Fix for CVE-2010-0740: http://www.openssl.org/news/secadv_20100324.txt
+
+--- ssl/s3_pkt.c.orig 2010-01-24 13:52:38.000000000 +0000
++++ ssl/s3_pkt.c
+@@ -291,9 +291,9 @@ again:
+ if (version != s->version)
+ {
+ SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
+- /* Send back error using their
+- * version number :-) */
+- s->version=version;
++ if ((s->version & 0xFF00) == (version & 0xFF00))
++ /* Send back error using their minor version number :-) */
++ s->version = (unsigned short)version;
+ al=SSL_AD_PROTOCOL_VERSION;
+ goto f_err;
+ }
-- cgit v1.2.3
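Review bot: The guard that constitutes the whole CVE-2010-0740 fix is a brace-less `if` with a comment wedged between its condition and its single statement, which makes the conditional assignment easy to misread and fragile under later edits; brace it and keep the comment above the condition: `if ((s->version & 0xFF00) == (version & 0xFF00)) {` / `s->version = (unsigned short)version;` / `}`. The comment should also say why only a same-major version may be adopted, since the removed comment only explained that the peer's version is echoed back and the new one does not explain the restriction — e.g. `/* CVE-2010-0740: only echo the peer's version when the major byte matches ours; the alert sent via f_err uses s->version, and switching to a different major protocol here is presumably the crash the advisory describes — verify against secadv_20100324 */`. If the intent is to stay byte-identical with the upstream 0.9.8n change to ease later rebases, record that on the `Fix for CVE-2010-0740` header line instead of leaving the style unexplained. The enclosing function (ssl3_get_record, going by the `SSL_F_SSL3_GET_RECORD` function code) starts and ends outside this hunk.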