diff --git a/openssl/.md5sum b/openssl/.md5sum
index f31df964..e04c40fa 100644
--- a/openssl/.md5sum
+++ b/openssl/.md5sum
@@ -1,4 +1,5 @@
 30ad2995a2668db16ae3083c11a42307 CVE-2007-3108.patch
+21119cb0b942c835395d7f57530ba14a CVE-2007-5135.patch
 9d0df57845af8acd1027a7df5c18d017 mksslcert.sh
 3cbccf8f5d7ce488a306fb9029512b80 openssl-0.9.8-gcc42.patch
 58daa890c3bc19bd6ce3451b2e5e335c openssl-0.9.8b-parallel-build.patch
diff --git a/openssl/CVE-2007-5135.patch b/openssl/CVE-2007-5135.patch
new file mode 100644
index 00000000..ed3b0fd5
--- /dev/null
+++ b/openssl/CVE-2007-5135.patch
@@ -0,0 +1,46 @@
+openssl/ssl/ssl_lib.c 1.133.2.9 -> 1.133.2.10
+
+--- ssl_lib.c 2007/08/12 18:59:02 1.133.2.9
++++ ssl_lib.c 2007/09/19 12:16:21 1.133.2.10
+@@ -1210,7 +1210,6 @@
+ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
+ {
+ char *p;
+- const char *cp;
+ STACK_OF(SSL_CIPHER) *sk;
+ SSL_CIPHER *c;
+ int i;
+@@ -1223,20 +1222,21 @@
+ sk=s->session->ciphers;
+ for (i=0; iname; *cp; )
++ n=strlen(c->name);
++ if (n+1 > len)
+ {
+- if (len-- <= 0)
+- {
+- *p='\0';
+- return(buf);
+- }
+- else
+- *(p++)= *(cp++);
++ if (p != buf)
++ --p;
++ *p='\0';
++ return buf;
+ }
++ strcpy(p,c->name);
++ p+=n;
+ *(p++)=':';
++ len-=n+1;
+ }
+ p[-1]='\0';
+ return(buf);
+
+
diff --git a/openssl/Pkgfile b/openssl/Pkgfile
index 80d67c74..26dce352 100644
--- a/openssl/Pkgfile
+++ b/openssl/Pkgfile
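Review bot: The closing `p[-1]='\0';` at the end of the second ssl_lib.c hunk in CVE-2007-5135.patch still assumes the loop copied at least one cipher name. If the cipher stack is empty the loop body never runs, and if `p` still equals `buf` at that point (its initialisation and the entry checks of SSL_get_shared_ciphers are outside the hunk), the store lands one byte before the caller's buffer. The new early-exit branch already guards this with `if (p != buf) --p; *p='\0';`, and the final terminator could take the same form. The file header suggests this is the upstream CVS change carried as-is, so the point is probably better raised upstream than fixed only in the port's copy.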
@@ -6,12 +6,14 @@ name=openssl
 version=0.9.8e
 release=3
 source=(http://www.openssl.org/source/$name-$version.tar.gz \
- mksslcert.sh openssl-0.9.8b-parallel-build.patch \
- CVE-2007-3108.patch openssl-0.9.8-gcc42.patch)
+ mksslcert.sh openssl-0.9.8b-parallel-build.patch \
+ CVE-2007-3108.patch CVE-2007-5135.patch \
+ openssl-0.9.8-gcc42.patch)
 build() {
 cd $name-$version
 patch -p1 -i $SRC/CVE-2007-3108.patch
+ patch -p0 -d ssl -i $SRC/CVE-2007-5135.patch
 patch -p1 -i $SRC/openssl-0.9.8b-parallel-build.patch
 patch -p0 -i $SRC/openssl-0.9.8-gcc42.patch
 ./config --prefix=/usr --openssldir=/etc/ssl shared
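Review bot: `release=3` is unchanged context in this hunk, so the build carrying the CVE-2007-5135 fix keeps the same version-release as the unpatched one. Unless the release was already bumped in an earlier commit that never shipped, hosts with 0.9.8e-3 installed get no signal to rebuild and may stay on the vulnerable library; bumping to `release=4` in the same commit would make the security fix visible as an update. The added `patch -p0 -d ssl -i $SRC/CVE-2007-5135.patch` is also the only patch line that changes directory, so a short comment such as `# upstream CVS diff, paths relative to ssl/` would explain why it differs from its neighbours.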