Date: Tuesday, August 10, 2010 @ 06:56:06
  Author: pierre
Revision: 87052

fix double free issue in ssl3

see http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0085.html

Added:
  openssl/trunk/fix-double-free.patch
Modified:
  openssl/trunk/PKGBUILD

-----------------------+
 PKGBUILD              |   24 +++++++++++++++---------
 fix-double-free.patch |   10 ++++++++++
 2 files changed, 25 insertions(+), 9 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD    2010-08-10 02:33:33 UTC (rev 87051)
+++ PKGBUILD    2010-08-10 10:56:06 UTC (rev 87052)
@@ -5,7 +5,7 @@
 _ver=1.0.0a
 # use a pacman compatible version scheme
 pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
-pkgrel=2
+pkgrel=3
 pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer 
Security'
 arch=('i686' 'x86_64')
 url='https://www.openssl.org'
@@ -17,11 +17,13 @@
 source=("https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz";
         'fix-manpages.patch'
         'no-rpath.patch'
-        'ca-dir.patch')
+        'ca-dir.patch'
+        'fix-double-free.patch')
 md5sums=('e3873edfffc783624cfbdb65e2249cbd'
          'f540cd9e0e3047d589d0581fe7a2d0f2'
          'dc78d3d06baffc16217519242ce92478'
-         '3bf51be3a1bbd262be46dc619f92aa90')
+         '3bf51be3a1bbd262be46dc619f92aa90'
+         'ccb896e23a44b89a3c93ac094c592c1f')
 
 # keep an upgrade path for older installations
 PKGEXT='.pkg.tar.gz'
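Review bot: The added `fix-double-free.patch` entry is pinned only by an MD5 digest in `md5sums`, and so is the upstream tarball listed first in `source`. MD5 catches accidental corruption but is not collision-resistant, which makes it a weak integrity check for the inputs of a TLS library build. makepkg also accepts a `sha256sums=(...)` array in the same order as `source`; I would add one with digests computed from the same five files, next to or instead of `md5sums`.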
@@ -31,21 +33,25 @@
 
        # avoid conflicts with other man pages
        # see http://www.linuxfromscratch.org/patches/downloads/openssl/
-       patch -p0 -i $srcdir/fix-manpages.patch || return 1
+       patch -p0 -i $srcdir/fix-manpages.patch
        # remove rpath: http://bugs.archlinux.org/task/14367
-       patch -p0 -i $srcdir/no-rpath.patch || return 1
+       patch -p0 -i $srcdir/no-rpath.patch
        # set ca dir to /etc/ssl by default
-       patch -p0 -i $srcdir/ca-dir.patch || return 1
+       patch -p0 -i $srcdir/ca-dir.patch
+       # fix double free
+       # see http://marc.info/?l=openssl-dev&m=128118163216952&w=2
+       # and http://marc.info/?l=openssl-dev&m=128128256314328&w=2
+       patch -p0 -i $srcdir/fix-double-free.patch
        # mark stack as non-executable: http://bugs.archlinux.org/task/12434
        ./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
-               shared zlib enable-md2 -Wa,--noexecstack || return 1
+               shared zlib enable-md2 -Wa,--noexecstack
 
-       make || return 1
+       make
 
        # the test fails due to missing write permissions in /etc/ssl
        # revert this patch for make test
        #patch -p0 -R -i $srcdir/ca-dir.patch
-       #make test || return 1
+       #make test
        #patch -p0 -i $srcdir/ca-dir.patch
 }
 
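Review bot: The new `patch -p0 -i $srcdir/fix-double-free.patch` line has no explicit failure handling, and this hunk also drops `|| return 1` from every other patch, `./config` and `make` step. A rejected patch therefore stops the build only if the tool running this function aborts on a failing command, which cannot be confirmed from the hunk. Because this patch carries a memory-safety fix, a silent failure would publish pkgrel 3 as fixed while still shipping the unpatched code. Either confirm that the makepkg version in use aborts here, or keep the guard and quote the path: `patch -p0 -i "$srcdir/fix-double-free.patch" || return 1`. The function body starts outside the hunk.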

Added: fix-double-free.patch
===================================================================
--- fix-double-free.patch                               (rev 0)
+++ fix-double-free.patch       2010-08-10 10:56:06 UTC (rev 87052)
@@ -0,0 +1,10 @@
+--- ssl/s3_clnt.c.orig Sun Feb 28 01:24:24 2010
++++ ssl/s3_clnt.c      Sun Aug  8 14:49:30 2010
+@@ -1508,6 +1508,7 @@
+               s->session->sess_cert->peer_ecdh_tmp=ecdh;
+               ecdh=NULL;
+               BN_CTX_free(bn_ctx);
++              bn_ctx = NULL;
+               EC_POINT_free(srvr_ecpoint);
+               srvr_ecpoint = NULL;
+               }
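Review bot: The patch file has no header recording where the fix came from or when it can be dropped; the two openssl-dev references live only in PKGBUILD comments. `patch` ignores text before the first `---` line, so a short leading comment with those two marc.info links and the note "remove once upstream 1.0.0 releases include it" would be safe to add. On the code itself, `bn_ctx = NULL;` after `BN_CTX_free(bn_ctx);` matches the neighbouring `srvr_ecpoint = NULL;` pattern. It presumably protects a later cleanup path that frees `bn_ctx` again, but that path lies outside the hunk and should be checked against the full function.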
