Date: Tuesday, August 10, 2010 @ 06:56:06 Author: pierre Revision: 87052
fix double free issue in ssl3 see http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0085.html Added: openssl/trunk/fix-double-free.patch Modified: openssl/trunk/PKGBUILD -----------------------+ PKGBUILD | 24 +++++++++++++++--------- fix-double-free.patch | 10 ++++++++++ 2 files changed, 25 insertions(+), 9 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2010-08-10 02:33:33 UTC (rev 87051) +++ PKGBUILD 2010-08-10 10:56:06 UTC (rev 87052) @@ -5,7 +5,7 @@ _ver=1.0.0a # use a pacman compatible version scheme pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}} -pkgrel=2 +pkgrel=3 pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security' arch=('i686' 'x86_64') url='https://www.openssl.org' @@ -17,11 +17,13 @@ source=("https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz" 'fix-manpages.patch' 'no-rpath.patch' - 'ca-dir.patch') + 'ca-dir.patch' + 'fix-double-free.patch') md5sums=('e3873edfffc783624cfbdb65e2249cbd' 'f540cd9e0e3047d589d0581fe7a2d0f2' 'dc78d3d06baffc16217519242ce92478' - '3bf51be3a1bbd262be46dc619f92aa90') + '3bf51be3a1bbd262be46dc619f92aa90' + 'ccb896e23a44b89a3c93ac094c592c1f') # keep an upgrade path for older installations PKGEXT='.pkg.tar.gz' @@ -31,21 +33,25 @@ # avoid conflicts with other man pages # see http://www.linuxfromscratch.org/patches/downloads/openssl/ - patch -p0 -i $srcdir/fix-manpages.patch || return 1 + patch -p0 -i $srcdir/fix-manpages.patch # remove rpath: http://bugs.archlinux.org/task/14367 - patch -p0 -i $srcdir/no-rpath.patch || return 1 + patch -p0 -i $srcdir/no-rpath.patch # set ca dir to /etc/ssl by default - patch -p0 -i $srcdir/ca-dir.patch || return 1 + patch -p0 -i $srcdir/ca-dir.patch + # fix double free + # see http://marc.info/?l=openssl-dev&m=128118163216952&w=2 + # and http://marc.info/?l=openssl-dev&m=128128256314328&w=2 + patch -p0 -i $srcdir/fix-double-free.patch # mark stack as non-executable: http://bugs.archlinux.org/task/12434 ./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib \ - shared zlib enable-md2 -Wa,--noexecstack || return 1 + shared zlib enable-md2 -Wa,--noexecstack - make || return 1 + make # the test fails due to missing write permissions in /etc/ssl # revert this patch for make test #patch -p0 -R -i $srcdir/ca-dir.patch - #make test || return 1 + #make test #patch -p0 -i $srcdir/ca-dir.patch } Added: fix-double-free.patch =================================================================== --- fix-double-free.patch (rev 0) +++ fix-double-free.patch 2010-08-10 10:56:06 UTC (rev 87052) @@ -0,0 +1,10 @@ +--- ssl/s3_clnt.c.orig Sun Feb 28 01:24:24 2010 ++++ ssl/s3_clnt.c Sun Aug 8 14:49:30 2010 +@@ -1508,6 +1508,7 @@ + s->session->sess_cert->peer_ecdh_tmp=ecdh; + ecdh=NULL; + BN_CTX_free(bn_ctx); ++ bn_ctx = NULL; + EC_POINT_free(srvr_ecpoint); + srvr_ecpoint = NULL; + }