aboutsummaryrefslogtreecommitdiffstats
path: root/main
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2014-05-29 15:41:53 +0300
committerTimo Teräs <timo.teras@iki.fi>2014-05-29 15:42:27 +0300
commit5b76f90f8063484f2aac02ab411ecfe67008538d (patch)
treebda1d15a714c7170fb35eda02b80a80fd49bdf56 /main
parent1a9a0430790d7829d9ee53e0fbc17dbe6c7a6b69 (diff)
downloadaports-5b76f90f8063484f2aac02ab411ecfe67008538d.tar.bz2
aports-5b76f90f8063484f2aac02ab411ecfe67008538d.tar.xz
main/openssl: security fix to CVE-2014-0198
ref #2916
Diffstat (limited to 'main')
-rw-r--r--main/openssl/APKBUILD6
-rw-r--r--main/openssl/CVE-2014-0198.patch37
2 files changed, 42 insertions, 1 deletions
diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD
index 0bc902b02b..90eb0ce03f 100644
--- a/main/openssl/APKBUILD
+++ b/main/openssl/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=openssl
pkgver=1.0.1g
-pkgrel=2
+pkgrel=3
pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
url="http://openssl.org"
depends=
@@ -15,6 +15,7 @@ license="openssl"
subpackages="$pkgname-dev $pkgname-doc libcrypto1.0:libcrypto libssl1.0:libssl"
source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
+ CVE-2014-0198.patch
fix-manpages.patch
openssl-bb-basename.patch
0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
@@ -122,6 +123,7 @@ libssl() {
}
md5sums="de62b43dfcd858e66a74bee1c834e959 openssl-1.0.1g.tar.gz
+bede51cf4d58b63baee73191ac292f6d CVE-2014-0198.patch
115c481cd59b3dba631364e8fb1778f5 fix-manpages.patch
c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch
ddb5fc155145d5b852425adaec32234d 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
@@ -137,6 +139,7 @@ efec1bce615256961b1756e575ee1d0a fix-default-apps-capath.patch
b7f2421187ae2b4c7e424cda2022d41d abi-compat-no-freelists.patch
148545f22ee15fc737b35768be4aa0cf fix-use-after-free-without-freelist.patch"
sha256sums="53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 openssl-1.0.1g.tar.gz
+845973d589d087b720f7a328b2298e87307fd9218830c9b1b3e31ad7a1278d73 CVE-2014-0198.patch
fe844e21b2c42da2d8e9c89350211d70c0829f45532b89b7e492bfde589ee7ed fix-manpages.patch
82863c2fed659a7186c7f3905a1853b8bd8060350ad101ce159fa7e7d2ba27e8 openssl-bb-basename.patch
18dd81fefb39b3328a444774ed10871ed50348ca171d2da9f826f916127b2dae 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
@@ -152,6 +155,7 @@ bd56e5fe1b6fe594ab93f34d25fef0b7372633bad8532f81da998f3e6655d221 openssl-1.0.1-
41c7c1e5bea7f7e0ccc59203a48f097948627d72fcf87f943fcfe8c14b4069a2 abi-compat-no-freelists.patch
5dd2b8c2d86b6859e8dd34f27924bb251ba0f64856c49edff351c18941483a52 fix-use-after-free-without-freelist.patch"
sha512sums="66ebbad3c8ad98a07b486d39d0c3ae62b00133f8f2877cf8b97c461e7c7f40b29cf9c3cae82cf73a92dcf1daa63d33aa76c910fbcbe60158589fc7cb48f41e6d openssl-1.0.1g.tar.gz
+fbd399f406fd6decdfa14a9457e969a939f49c71fc9b9b33d8ff40705a49732a10fa6aa0a5a015106ee9b3ee95aee9db1bf06839f1487961200f7f95fa954d93 CVE-2014-0198.patch
880411d56da49946d24328445728367e0bf13b0fd47954971514bee8cd5613a038ad8aeaf68da2c92f4634deb022febd7b3e37f9bbfc5d2c9c8b3b5ffd971407 fix-manpages.patch
6c4f4b0c1b606b3e5a8175618c4398923392f9c25ad8d3f5b65b0424fe51e104c4f456d2da590d9f572382225ab320278e88db1585790092450cad60a02819a5 openssl-bb-basename.patch
ea282b09d4692a29e5a554e19b0798fa921717d4892decc68cba92cad11e85e4064d8ac78d98f6fa8bb45c65fdd1a5d1a6f6755e53102d520e9d8b807c3a7822 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
diff --git a/main/openssl/CVE-2014-0198.patch b/main/openssl/CVE-2014-0198.patch
new file mode 100644
index 0000000000..c473719551
--- /dev/null
+++ b/main/openssl/CVE-2014-0198.patch
@@ -0,0 +1,37 @@
+From b107586c0c3447ea22dba8698ebbcd81bb29d48c Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Mon, 12 May 2014 00:38:37 +0100
+Subject: [PATCH] Fixed NULL pointer dereference. See PR#3321
+
+---
+ ssl/s3_pkt.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index 40eb0dd..d961d12 100644
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -657,9 +657,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+ SSL3_BUFFER *wb=&(s->s3->wbuf);
+ SSL_SESSION *sess;
+
+- if (wb->buf == NULL)
+- if (!ssl3_setup_write_buffer(s))
+- return -1;
+
+ /* first check if there is a SSL3_BUFFER still being written
+ * out. This will happen with non blocking IO */
+@@ -675,6 +672,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+ /* if it went, fall through and send more stuff */
+ }
+
++ if (wb->buf == NULL)
++ if (!ssl3_setup_write_buffer(s))
++ return -1;
++
+ if (len == 0 && !create_empty_fragment)
+ return 0;
+
+--
+1.7.9.5
+