author | Natanael Copa <ncopa@alpinelinux.org> | 2010-10-08 07:50:08 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2010-10-08 07:51:09 +0000 |
commit | 0e3097ddb1ea7d4084e1827679fef743c4f82236 (patch) | |
tree | 334b1bfcf2fb7b1611db81a6549e1405ad2b2cb0 | |
parent | 2fe172aecddb0d381b73ec33f23bd951d47ba704 (diff) | |
main/openssl: fix double free. cve-2010-2939
(cherry picked from commit 928dd04996fb7ede6cbd646c1e48222910b07ff8)
-rw-r--r-- | main/openssl/APKBUILD | 6 | ||||
-rw-r--r-- | main/openssl/cve-2010-2939.patch | 12 |
2 files changed, 16 insertions, 2 deletions
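--- a/main/openssl/APKBUILD
+++ b/main/openssl/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=openssl
 pkgver=1.0.0a
-pkgrel=3
+pkgrel=4
 pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
 url="http://openssl.org"
 depends=
@@ -19,6 +19,7 @@ source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
 0003-engines-e_padlock-backport-cvs-head-changes.patch
 0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
 0005-crypto-engine-autoload-padlock-dynamic-engine.patch
+cve-2010-2939.patch
 "
 
 _builddir="$srcdir"/$pkgname-$pkgver
@@ -74,4 +75,5 @@ c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch
 5ba830cf1e828192c8c40023dc92917d 0002-apps-speed-fix-digest-speed-measurement-and-add-hmac.patch
 53fbd01733b488717575e04a5aaf6664 0003-engines-e_padlock-backport-cvs-head-changes.patch
 beea8819faeefb9ab19ef90f00c53782 0004-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
-8bc7a427f6005158585386b9837f700c 0005-crypto-engine-autoload-padlock-dynamic-engine.patch"
+8bc7a427f6005158585386b9837f700c 0005-crypto-engine-autoload-padlock-dynamic-engine.patch
+6fae2ff07483b001249c1944e5e14a1d cve-2010-2939.patch"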
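Review bot: Nothing in these hunks shows `cve-2010-2939.patch` being applied. It is added to `source` and to the checksum list, but no prepare()/build() line changes, so the fix only takes effect if the build function (outside the visible hunks) already iterates over every `*.patch` entry in `$source`. That is worth confirming against the full APKBUILD or a build log, because otherwise `pkgrel=4` would ship with the double free still present while the package history says it is fixed. Separately, the new checksum entry is a 32-hex digest, presumably MD5, which detects accidental corruption but is not a tamper-resistant integrity check for the patch or the upstream tarball.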
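--- /dev/null
+++ b/main/openssl/cve-2010-2939.patch
@@ -0,0 +1,12 @@
+http://bugs.gentoo.org/332027
+
+--- a/ssl/s3_clnt.c
++++ b/ssl/s3_clnt.c
+@@ -1508,6 +1508,7 @@
+s->session->sess_cert->peer_ecdh_tmp=ecdh;
+ecdh=NULL;
+BN_CTX_free(bn_ctx);
++ bn_ctx = NULL;
+EC_POINT_free(srvr_ecpoint);
+srvr_ecpoint = NULL;
+}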
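Review bot: The added `bn_ctx = NULL;` removes the dangling pointer only for this branch, and the second free it is meant to prevent lives in cleanup code outside the hunk. It is therefore worth checking the full function in ssl/s3_clnt.c for 1.0.0a to confirm that no other path frees `bn_ctx` without clearing it, and that the later cleanup is reached with the NULL value (BN_CTX_free() is expected to ignore NULL). The patch header carries only a bug-tracker URL; a description line such as `Clear bn_ctx after BN_CTX_free() so the error-path cleanup cannot free it twice (CVE-2010-2939)` would keep the reason recoverable if the link goes away. Since this is a downstream patch rather than a referenced upstream commit, a note to drop it once the packaged OpenSSL version includes the fix would also help the next maintainer.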