From 9a46286a22116b36846ab8afaef0f31ae7bb03b1 Mon Sep 17 00:00:00 2001
From: Juergen Daubert <jue@jue.li>
Date: Mon, 8 Oct 2007 11:15:39 +0200
Subject: [PATCH] [notify] openssl: fix for CVE-2007-5135 See
 http://www.securityfocus.com/bid/25831

---
 openssl/.md5sum             |  1 +
 openssl/CVE-2007-5135.patch | 46 +++++++++++++++++++++++++++++++++++++
 openssl/Pkgfile             |  5 ++--
 3 files changed, 50 insertions(+), 2 deletions(-)
 create mode 100644 openssl/CVE-2007-5135.patch

diff --git a/openssl/.md5sum b/openssl/.md5sum
index a9a40d30..cc999da3 100644
--- a/openssl/.md5sum
+++ b/openssl/.md5sum
@@ -1,4 +1,5 @@
 30ad2995a2668db16ae3083c11a42307  CVE-2007-3108.patch
+21119cb0b942c835395d7f57530ba14a  CVE-2007-5135.patch
 9d0df57845af8acd1027a7df5c18d017  mksslcert.sh
 58daa890c3bc19bd6ce3451b2e5e335c  openssl-0.9.8b-parallel-build.patch
 3a7ff24f6ea5cd711984722ad654b927  openssl-0.9.8e.tar.gz
diff --git a/openssl/CVE-2007-5135.patch b/openssl/CVE-2007-5135.patch
new file mode 100644
index 00000000..ed3b0fd5
--- /dev/null
+++ b/openssl/CVE-2007-5135.patch
@@ -0,0 +1,46 @@
+openssl/ssl/ssl_lib.c     1.133.2.9 -> 1.133.2.10
+
+--- ssl_lib.c	2007/08/12 18:59:02	1.133.2.9
++++ ssl_lib.c	2007/09/19 12:16:21	1.133.2.10
+@@ -1210,7 +1210,6 @@
+ char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
+ 	{
+ 	char *p;
+-	const char *cp;
+ 	STACK_OF(SSL_CIPHER) *sk;
+ 	SSL_CIPHER *c;
+ 	int i;
+@@ -1223,20 +1222,21 @@
+ 	sk=s->session->ciphers;
+ 	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
+ 		{
+-		/* Decrement for either the ':' or a '\0' */
+-		len--;
++		int n;
++
+ 		c=sk_SSL_CIPHER_value(sk,i);
+-		for (cp=c->name; *cp; )
++		n=strlen(c->name);
++		if (n+1 > len)
+ 			{
+-			if (len-- <= 0)
+-				{
+-				*p='\0';
+-				return(buf);
+-				}
+-			else
+-				*(p++)= *(cp++);
++			if (p != buf)
++				--p;
++			*p='\0';
++			return buf;
+ 			}
++		strcpy(p,c->name);
++		p+=n;
+ 		*(p++)=':';
++		len-=n+1;
+ 		}
+ 	p[-1]='\0';
+ 	return(buf);
+
+
diff --git a/openssl/Pkgfile b/openssl/Pkgfile
index 10c23dac..64a90dd5 100644
--- a/openssl/Pkgfile
+++ b/openssl/Pkgfile
@@ -4,14 +4,15 @@
 
 name=openssl
 version=0.9.8e
-release=2
+release=3
 source=(http://www.openssl.org/source/$name-$version.tar.gz \
 	mksslcert.sh openssl-0.9.8b-parallel-build.patch \
-	CVE-2007-3108.patch)
+	CVE-2007-3108.patch CVE-2007-5135.patch)
 
 build() {
     cd $name-$version
     patch -p1 -i $SRC/CVE-2007-3108.patch
+    patch -p0 -d ssl -i $SRC/CVE-2007-5135.patch
     patch -p1 -i $SRC/openssl-0.9.8b-parallel-build.patch
     ./config --prefix=/usr --openssldir=/etc/ssl shared
     make