[oe-commits] Roman I Khimov : openssl 1.0.0a: fix CVE-2010-2939
git version control
git at git.openembedded.org
Mon Sep 13 20:27:26 UTC 2010
Module: openembedded.git
Branch: org.openembedded.dev
Commit: 36f96bf1d65ed49943e3ca1abae1ad386730ba0c
URL: http://gitweb.openembedded.net/?p=openembedded.git&a=commit;h=36f96bf1d65ed49943e3ca1abae1ad386730ba0c
Author: Roman I Khimov <khimov at altell.ru>
Date: Mon Sep 13 18:39:40 2010 +0400
openssl 1.0.0a: fix CVE-2010-2939
0.9.8 is also affected, please try the same patch if using that.
Signed-off-by: Roman I Khimov <khimov at altell.ru>
---
...ssl-fix-ssl3_get_key_exchange-double-free.patch | 12 ++++++++++++
recipes/openssl/openssl_1.0.0a.bb | 3 ++-
2 files changed, 14 insertions(+), 1 deletions(-)
diff --git a/recipes/openssl/openssl-1.0.0a/openssl-fix-ssl3_get_key_exchange-double-free.patch b/recipes/openssl/openssl-1.0.0a/openssl-fix-ssl3_get_key_exchange-double-free.patch
new file mode 100644
index 0000000..4e98849
--- /dev/null
+++ b/recipes/openssl/openssl-1.0.0a/openssl-fix-ssl3_get_key_exchange-double-free.patch
@@ -0,0 +1,12 @@
+Index: openssl-1.0.0a/ssl/s3_clnt.c
+===================================================================
+--- openssl-1.0.0a.orig/ssl/s3_clnt.c 2010-09-13 18:38:01.000000000 +0400
++++ openssl-1.0.0a/ssl/s3_clnt.c 2010-09-13 18:38:35.000000000 +0400
+@@ -1508,6 +1508,7 @@
+ s->session->sess_cert->peer_ecdh_tmp=ecdh;
+ ecdh=NULL;
+ BN_CTX_free(bn_ctx);
++ bn_ctx = NULL;
+ EC_POINT_free(srvr_ecpoint);
+ srvr_ecpoint = NULL;
+ }
diff --git a/recipes/openssl/openssl_1.0.0a.bb b/recipes/openssl/openssl_1.0.0a.bb
index 8dc4b89..cc3a8ab 100644
--- a/recipes/openssl/openssl_1.0.0a.bb
+++ b/recipes/openssl/openssl_1.0.0a.bb
@@ -4,7 +4,7 @@ require openssl.inc
SRC_URI[src.md5sum] = "e3873edfffc783624cfbdb65e2249cbd"
SRC_URI[src.sha256sum] = "18a9bd1fc02b8ef90dded34fafaa9089baaafef278a19fc4e89c2ab0dcf70f63"
-PR = "${INC_PR}.0"
+PR = "${INC_PR}.1"
DEFAULT_PREFERENCE = "-1"
@@ -17,6 +17,7 @@ SRC_URI += "file://configure-targets.patch \
file://oe-ldflags.patch \
file://libdeps-first.patch \
file://engines-install-in-libdir-ssl.patch \
+ file://openssl-fix-ssl3_get_key_exchange-double-free.patch \
"
PARALLEL_MAKE = ""
More information about the Openembedded-commits
mailing list