From 5b76f90f8063484f2aac02ab411ecfe67008538d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= Date: Thu, 29 May 2014 15:41:53 +0300 Subject: main/openssl: security fix to CVE-2014-0198 ref #2916 --- main/openssl/APKBUILD | 6 +++++- main/openssl/CVE-2014-0198.patch | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 main/openssl/CVE-2014-0198.patch (limited to 'main/openssl') diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD index 0bc902b02b..90eb0ce03f 100644 --- a/main/openssl/APKBUILD +++ b/main/openssl/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Timo Teras pkgname=openssl pkgver=1.0.1g -pkgrel=2 +pkgrel=3 pkgdesc="Toolkit for SSL v2/v3 and TLS v1" url="http://openssl.org" depends= @@ -15,6 +15,7 @@ license="openssl" subpackages="$pkgname-dev $pkgname-doc libcrypto1.0:libcrypto libssl1.0:libssl" source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz + CVE-2014-0198.patch fix-manpages.patch openssl-bb-basename.patch 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch @@ -122,6 +123,7 @@ libssl() { } md5sums="de62b43dfcd858e66a74bee1c834e959 openssl-1.0.1g.tar.gz +bede51cf4d58b63baee73191ac292f6d CVE-2014-0198.patch 115c481cd59b3dba631364e8fb1778f5 fix-manpages.patch c6a9857a5dbd30cead0404aa7dd73977 openssl-bb-basename.patch ddb5fc155145d5b852425adaec32234d 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch @@ -137,6 +139,7 @@ efec1bce615256961b1756e575ee1d0a fix-default-apps-capath.patch b7f2421187ae2b4c7e424cda2022d41d abi-compat-no-freelists.patch 148545f22ee15fc737b35768be4aa0cf fix-use-after-free-without-freelist.patch" sha256sums="53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 openssl-1.0.1g.tar.gz +845973d589d087b720f7a328b2298e87307fd9218830c9b1b3e31ad7a1278d73 CVE-2014-0198.patch fe844e21b2c42da2d8e9c89350211d70c0829f45532b89b7e492bfde589ee7ed fix-manpages.patch 82863c2fed659a7186c7f3905a1853b8bd8060350ad101ce159fa7e7d2ba27e8 openssl-bb-basename.patch 18dd81fefb39b3328a444774ed10871ed50348ca171d2da9f826f916127b2dae 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch @@ -152,6 +155,7 @@ bd56e5fe1b6fe594ab93f34d25fef0b7372633bad8532f81da998f3e6655d221 openssl-1.0.1- 41c7c1e5bea7f7e0ccc59203a48f097948627d72fcf87f943fcfe8c14b4069a2 abi-compat-no-freelists.patch 5dd2b8c2d86b6859e8dd34f27924bb251ba0f64856c49edff351c18941483a52 fix-use-after-free-without-freelist.patch" sha512sums="66ebbad3c8ad98a07b486d39d0c3ae62b00133f8f2877cf8b97c461e7c7f40b29cf9c3cae82cf73a92dcf1daa63d33aa76c910fbcbe60158589fc7cb48f41e6d openssl-1.0.1g.tar.gz +fbd399f406fd6decdfa14a9457e969a939f49c71fc9b9b33d8ff40705a49732a10fa6aa0a5a015106ee9b3ee95aee9db1bf06839f1487961200f7f95fa954d93 CVE-2014-0198.patch 880411d56da49946d24328445728367e0bf13b0fd47954971514bee8cd5613a038ad8aeaf68da2c92f4634deb022febd7b3e37f9bbfc5d2c9c8b3b5ffd971407 fix-manpages.patch 6c4f4b0c1b606b3e5a8175618c4398923392f9c25ad8d3f5b65b0424fe51e104c4f456d2da590d9f572382225ab320278e88db1585790092450cad60a02819a5 openssl-bb-basename.patch ea282b09d4692a29e5a554e19b0798fa921717d4892decc68cba92cad11e85e4064d8ac78d98f6fa8bb45c65fdd1a5d1a6f6755e53102d520e9d8b807c3a7822 0001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch diff --git a/main/openssl/CVE-2014-0198.patch b/main/openssl/CVE-2014-0198.patch new file mode 100644 index 0000000000..c473719551 --- /dev/null +++ b/main/openssl/CVE-2014-0198.patch @@ -0,0 +1,37 @@ +From b107586c0c3447ea22dba8698ebbcd81bb29d48c Mon Sep 17 00:00:00 2001 +From: Matt Caswell +Date: Mon, 12 May 2014 00:38:37 +0100 +Subject: [PATCH] Fixed NULL pointer dereference. See PR#3321 + +--- + ssl/s3_pkt.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c +index 40eb0dd..d961d12 100644 +--- a/ssl/s3_pkt.c ++++ b/ssl/s3_pkt.c +@@ -657,9 +657,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, + SSL3_BUFFER *wb=&(s->s3->wbuf); + SSL_SESSION *sess; + +- if (wb->buf == NULL) +- if (!ssl3_setup_write_buffer(s)) +- return -1; + + /* first check if there is a SSL3_BUFFER still being written + * out. This will happen with non blocking IO */ +@@ -675,6 +672,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, + /* if it went, fall through and send more stuff */ + } + ++ if (wb->buf == NULL) ++ if (!ssl3_setup_write_buffer(s)) ++ return -1; ++ + if (len == 0 && !create_empty_fragment) + return 0; + +-- +1.7.9.5 + -- cgit v1.2.3