

[pkgsrc/trunk]: pkgsrc/security/openssl Full and proper fix for CVE-2007-5135



details:   https://anonhg.NetBSD.org/pkgsrc/rev/312febd092dd
branches:  trunk
changeset: 534448:312febd092dd
user:      adrianp <adrianp%pkgsrc.org@localhost>
date:      Sun Oct 21 17:52:52 2007 +0000

description:
Full and proper fix for CVE-2007-5135
PKGREVISION++

diffstat:

 security/openssl/Makefile         |   4 +-
 security/openssl/distinfo         |   4 +-
 security/openssl/patches/patch-ao |  54 +++++++++++++++++++++++++++++++-------
 3 files changed, 48 insertions(+), 14 deletions(-)

diffs (99 lines):

diff -r 897162f364f6 -r 312febd092dd security/openssl/Makefile
--- a/security/openssl/Makefile Sun Oct 21 14:01:16 2007 +0000
+++ b/security/openssl/Makefile Sun Oct 21 17:52:52 2007 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.127 2007/08/04 14:29:43 tnn Exp $
+# $NetBSD: Makefile,v 1.128 2007/10/21 17:52:52 adrianp Exp $
 
 OPENSSL_SNAPSHOT?=     # empty
 OPENSSL_STABLE?=       # empty
@@ -24,7 +24,7 @@
 .  endif
 .endif
 
-PKGREVISION=   4
+PKGREVISION=   5
 SVR4_PKGNAME=  ossl
 CATEGORIES=    security
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
diff -r 897162f364f6 -r 312febd092dd security/openssl/distinfo
--- a/security/openssl/distinfo Sun Oct 21 14:01:16 2007 +0000
+++ b/security/openssl/distinfo Sun Oct 21 17:52:52 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.55 2007/08/04 14:29:43 tnn Exp $
+$NetBSD: distinfo,v 1.56 2007/10/21 17:52:52 adrianp Exp $
 
 SHA1 (openssl-0.9.7i.tar.gz) = 4c23925744d43272fa19615454da44e01465eb06
 RMD160 (openssl-0.9.7i.tar.gz) = 0dce52c5793a0c37f17b620f7d26bbf9e4fcf755
@@ -14,7 +14,7 @@
 SHA1 (patch-al) = 64fd0be6adf30821b4c4bba3c9088c6dcbff3ba7
 SHA1 (patch-am) = 209aad896f976e5acc9bf66f5e3fdf6193d2ff3d
 SHA1 (patch-an) = c38cf54341ae5b770f984859c1a3bf6df41e0532
-SHA1 (patch-ao) = 834860d35eaa1211db664346a362822114bd16ef
+SHA1 (patch-ao) = 625c6379b38769b639bc7f87ccb0d23c651bf5eb
 SHA1 (patch-ap) = 9473b8e69b71864baab3d38ee3de90e7027b1b0b
 SHA1 (patch-aq) = 68704a8048f7eea3744ae5e04dda09c676762923
 SHA1 (patch-ar) = 575be597244eb04576651d7b0276604d51fa7464
diff -r 897162f364f6 -r 312febd092dd security/openssl/patches/patch-ao
--- a/security/openssl/patches/patch-ao Sun Oct 21 14:01:16 2007 +0000
+++ b/security/openssl/patches/patch-ao Sun Oct 21 17:52:52 2007 +0000
@@ -1,15 +1,49 @@
-$NetBSD: patch-ao,v 1.1 2006/09/30 04:20:24 taca Exp $
+$NetBSD: patch-ao,v 1.2 2007/10/21 17:52:53 adrianp Exp $
 
-# http://secunia.com/advisories/22130/
+# CVE-2007-5135
 
---- ssl/ssl_lib.c.orig 2005-06-11 05:00:39.000000000 +0900
+--- ssl/ssl_lib.c.orig 2005-06-10 21:00:39.000000000 +0100
 +++ ssl/ssl_lib.c
-@@ -1187,7 +1187,7 @@ char *SSL_get_shared_ciphers(const SSL *
+@@ -1169,7 +1169,6 @@ int SSL_set_cipher_list(SSL *s,const cha
+ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
+       {
+       char *p;
+-      const char *cp;
+       STACK_OF(SSL_CIPHER) *sk;
+       SSL_CIPHER *c;
+       int i;
+@@ -1182,20 +1181,21 @@ char *SSL_get_shared_ciphers(const SSL *
+       sk=s->session->ciphers;
+       for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
+               {
+-              /* Decrement for either the ':' or a '\0' */
+-              len--;
++              int n;
++
                c=sk_SSL_CIPHER_value(sk,i);
-               for (cp=c->name; *cp; )
-                       {
+-              for (cp=c->name; *cp; )
+-                      {
 -                      if (len-- == 0)
-+                      if (len-- <= 0)
-                               {
-                               *p='\0';
-                               return(buf);
+-                              {
+-                              *p='\0';
+-                              return(buf);
+-                              }
+-                      else
+-                              *(p++)= *(cp++);
+-                      }
+-              *(p++)=':';
++              n=strlen(c->name);
++              if (n+1 > len)
++                    {
++                    if (p != buf)
++                           --p;
++                    *p='\0';
++                    return buf;
++                    }
++              strcpy(p,c->name);
++              p+=n;
++              *(p++)=':';
++              len-=n+1;
+               }
+       p[-1]='\0';
+       return(buf);
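Review bot: The trailing `p[-1]='\0';` in the new patch body still writes one byte before `buf` when `s->session->ciphers` holds no entries, because `p` never advances past `buf` in a loop with zero iterations; the guard that precedes `sk=s->session->ciphers;` is outside the inner hunk, so this presumes it checks only `s->session`, `ciphers` and `len` and not the element count. A check such as `if (sk_SSL_CIPHER_num(sk) == 0) { *buf='\0'; return buf; }` placed before the `for` loop closes that case without changing the return contract for callers that already handle an empty string. Separately, `n=strlen(c->name);` narrows a `size_t` into the `int n` silently; an explicit cast, or declaring `size_t n` and comparing against `(size_t)len` once `len` is known non-negative, would make the bound check `n+1 > len` warning-clean under `-Wconversion`. SSL_get_shared_ciphers begins and ends outside this hunk, so the `p=buf` assignment and the early-return guard are not visible here.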


