authorTimo Teräs <timo.teras@iki.fi>2014-05-21 07:30:04 +0000
committerTimo Teräs <timo.teras@iki.fi>2014-05-21 07:30:04 +0000
commit4456c9ec91d13627b3900075f8ac84ce97551679 (patch)
tree23322e469587aea5c25dff244a3d0b8e2485f2a6
parent01d3ef72982522ead975342f31459dec870168ef (diff)
downloadaports-4456c9ec91d13627b3900075f8ac84ce97551679.tar.bz2
aports-4456c9ec91d13627b3900075f8ac84ce97551679.tar.xz
main/openssl: fix for CVE-2010-5298
fixes #2898
-rw-r--r--main/openssl/APKBUILD6
-rw-r--r--main/openssl/CVE-2010-5298.patch13
2 files changed, 18 insertions, 1 deletions
diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD
index 358c222739..5a266d8321 100644
--- a/main/openssl/APKBUILD
+++ b/main/openssl/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openssl
pkgver=1.0.1g
-pkgrel=0
+pkgrel=1
pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
url="http://openssl.org"
depends=
@@ -15,6 +15,7 @@ license="openssl"
subpackages="$pkgname-dev $pkgname-doc libcrypto1.0:libcrypto libssl1.0:libssl"
source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
+ CVE-2010-5298.patch
fix-manpages.patch
openssl-bb-basename.patch
0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
@@ -118,6 +119,7 @@ libssl() {
}
md5sums="de62b43dfcd858e66a74bee1c834e959 openssl-1.0.1g.tar.gz
+148545f22ee15fc737b35768be4aa0cf CVE-2010-5298.patch
115c481cd59b3dba631364e8fb1778f5 fix-manpages.patch
c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch
ddb5fc155145d5b852425adaec32234d 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
@@ -130,6 +132,7 @@ d1f3aaad7c36590f21355682983cd14e openssl-1.0.1-version-eglibc.patch
efec1bce615256961b1756e575ee1d0a fix-default-apps-capath.patch
05ad806219cef6fa5692ac727af7fab6 c_rehash.c"
sha256sums="53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 openssl-1.0.1g.tar.gz
+5dd2b8c2d86b6859e8dd34f27924bb251ba0f64856c49edff351c18941483a52 CVE-2010-5298.patch
fe844e21b2c42da2d8e9c89350211d70c0829f45532b89b7e492bfde589ee7ed fix-manpages.patch
82863c2fed659a7186c7f3905a1853b8bd8060350ad101ce159fa7e7d2ba27e8 openssl-bb-basename.patch
18dd81fefb39b3328a444774ed10871ed50348ca171d2da9f826f916127b2dae 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
@@ -142,6 +145,7 @@ cbb2493ec9157e78035e9cc02be17655996ee9cd0a71b79507fc19f3862f452b 0003-engines-e
1e11d6b8cdcdd6957c69d33ab670c5918fc96c12fdb9b76b4287cb8f69c3545d fix-default-apps-capath.patch
7b0947fd09ad1e8d9cea360b883090025b40193d0fc8a631f2e3bb42db28d76b c_rehash.c"
sha512sums="66ebbad3c8ad98a07b486d39d0c3ae62b00133f8f2877cf8b97c461e7c7f40b29cf9c3cae82cf73a92dcf1daa63d33aa76c910fbcbe60158589fc7cb48f41e6d openssl-1.0.1g.tar.gz
+515197784d7423f4875f9a0b3102fa4a2d63fcec52d52dbc9a36eba9f40b19f2814dc90a2c021b4a573bdf789e691f8f90dc95706d7bc1136d0f4c3b2cb91b09 CVE-2010-5298.patch
880411d56da49946d24328445728367e0bf13b0fd47954971514bee8cd5613a038ad8aeaf68da2c92f4634deb022febd7b3e37f9bbfc5d2c9c8b3b5ffd971407 fix-manpages.patch
6c4f4b0c1b606b3e5a8175618c4398923392f9c25ad8d3f5b65b0424fe51e104c4f456d2da590d9f572382225ab320278e88db1585790092450cad60a02819a5 openssl-bb-basename.patch
ea282b09d4692a29e5a554e19b0798fa921717d4892decc68cba92cad11e85e4064d8ac78d98f6fa8bb45c65fdd1a5d1a6f6755e53102d520e9d8b807c3a7822 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
diff --git a/main/openssl/CVE-2010-5298.patch b/main/openssl/CVE-2010-5298.patch
new file mode 100644
index 0000000000..4734c75092
--- /dev/null
+++ b/main/openssl/CVE-2010-5298.patch
@@ -0,0 +1,13 @@
+http://rt.openssl.org/Ticket/Attachment/37748/20587/
+
+--- openssl-1.0.1g/ssl/s3_pkt.c.orig 2014-04-11 08:10:03.115295077 -0300
++++ openssl-1.0.1g/ssl/s3_pkt.c 2014-04-11 08:10:38.788435152 -0300
+@@ -1055,7 +1055,7 @@
+ {
+ s->rstate=SSL_ST_READ_HEADER;
+ rr->off=0;
+- if (s->mode & SSL_MODE_RELEASE_BUFFERS)
++ if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
+ ssl3_release_read_buffer(s);
+ }
+ }
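Review bot: The new guard in the embedded s3_pkt.c hunk, `if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)`, parses as intended only because `&` binds tighter than `&&`, and nothing next to it says why the buffer must be kept. I would write it as `if ((s->mode & SSL_MODE_RELEASE_BUFFERS) && s->s3->rbuf.left == 0)` and put `/* CVE-2010-5298: do not release the read buffer while it still holds unprocessed bytes */` on the line above. The patch file's only provenance is an RT attachment URL fetched over plain http, so naming the reporter or the matching upstream commit in its header, if one exists, would make the fix easier to audit and to drop on the next version bump. The enclosing function starts and ends outside the hunk, so whether other paths that call `ssl3_release_read_buffer` need the same `rbuf.left == 0` check cannot be judged from here and is worth confirming.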