[crux-commits] ports/core (2.3): [notify] openssl: fix for CVE-2007-5135 See http://www.securityfocus.com/bid/25831

commit 9a46286a22116b36846ab8afaef0f31ae7bb03b1 Author: Juergen Daubert <jue@jue.li> Date: Mon Oct 8 11:15:39 2007 +0200 [notify] openssl: fix for CVE-2007-5135 See http://www.securityfocus.com/bid/25831 diff --git a/openssl/.md5sum b/openssl/.md5sum index a9a40d3..cc999da 100644 --- a/openssl/.md5sum +++ b/openssl/.md5sum @@ -1,4 +1,5 @@ 30ad2995a2668db16ae3083c11a42307 CVE-2007-3108.patch +21119cb0b942c835395d7f57530ba14a CVE-2007-5135.patch 9d0df57845af8acd1027a7df5c18d017 mksslcert.sh 58daa890c3bc19bd6ce3451b2e5e335c openssl-0.9.8b-parallel-build.patch 3a7ff24f6ea5cd711984722ad654b927 openssl-0.9.8e.tar.gz diff --git a/openssl/CVE-2007-5135.patch b/openssl/CVE-2007-5135.patch new file mode 100644 index 0000000..ed3b0fd --- /dev/null +++ b/openssl/CVE-2007-5135.patch @@ -0,0 +1,46 @@ +openssl/ssl/ssl_lib.c 1.133.2.9 -> 1.133.2.10 + +--- ssl_lib.c 2007/08/12 18:59:02 1.133.2.9 ++++ ssl_lib.c 2007/09/19 12:16:21 1.133.2.10 +@@ -1210,7 +1210,6 @@ + char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) + { + char *p; +- const char *cp; + STACK_OF(SSL_CIPHER) *sk; + SSL_CIPHER *c; + int i; +@@ -1223,20 +1222,21 @@ + sk=s->session->ciphers; + for (i=0; i<sk_SSL_CIPHER_num(sk); i++) + { +- /* Decrement for either the ':' or a '\0' */ +- len--; ++ int n; ++ + c=sk_SSL_CIPHER_value(sk,i); +- for (cp=c->name; *cp; ) ++ n=strlen(c->name); ++ if (n+1 > len) + { +- if (len-- <= 0) +- { +- *p='\0'; +- return(buf); +- } +- else +- *(p++)= *(cp++); ++ if (p != buf) ++ --p; ++ *p='\0'; ++ return buf; + } ++ strcpy(p,c->name); ++ p+=n; + *(p++)=':'; ++ len-=n+1; + } + p[-1]='\0'; + return(buf); + + diff --git a/openssl/Pkgfile b/openssl/Pkgfile index 10c23da..64a90dd 100644 --- a/openssl/Pkgfile +++ b/openssl/Pkgfile @@ -4,14 +4,15 @@ name=openssl version=0.9.8e -release=2 +release=3 source=(http://www.openssl.org/source/$name-$version.tar.gz \ mksslcert.sh openssl-0.9.8b-parallel-build.patch \ - CVE-2007-3108.patch) + CVE-2007-3108.patch CVE-2007-5135.patch) build() { cd $name-$version patch -p1 -i $SRC/CVE-2007-3108.patch + patch -p0 -d ssl -i $SRC/CVE-2007-5135.patch patch -p1 -i $SRC/openssl-0.9.8b-parallel-build.patch ./config --prefix=/usr --openssldir=/etc/ssl shared make