Gentoo Archives: gentoo-commits

From: "Doug Goldstein (cardoe)" <cardoe@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in dev-libs/openssl/files: openssl-0.9.8g-CVE-2008-0891.patch openssl-0.9.8g-CVE-2008-1672.patch
Date: Fri, 30 May 2008 21:30:35
Message-Id: E1K2CBC-0002vw-DP@stork.gentoo.org
1 cardoe 08/05/30 21:30:30
2
3 Added: openssl-0.9.8g-CVE-2008-0891.patch
4 openssl-0.9.8g-CVE-2008-1672.patch
5 Log:
6 Security fix for CVE-2008-0891 & CVE-2008-1672. bug #223429
7 (Portage version: 2.1.5.2)
8
9 Revision Changes Path
10 1.1 dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-0891.patch
11
12 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-0891.patch?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-0891.patch?rev=1.1&content-type=text/plain
14
15 Index: openssl-0.9.8g-CVE-2008-0891.patch
16 ===================================================================
17 Index: ssl/t1_lib.c
18 ===================================================================
19 RCS file: /e/openssl/cvs/openssl/ssl/t1_lib.c,v
20 retrieving revision 1.13.2.8
21 diff -u -r1.13.2.8 t1_lib.c
22 --- ssl/t1_lib.c 18 Oct 2007 11:39:11 -0000 1.13.2.8
23 +++ ssl/t1_lib.c 18 Mar 2008 12:06:58 -0000
24 @@ -381,6 +381,7 @@
25 s->session->tlsext_hostname[len]='\0';
26 if (strlen(s->session->tlsext_hostname) != len) {
27 OPENSSL_free(s->session->tlsext_hostname);
28 + s->session->tlsext_hostname = NULL;
29 *al = TLS1_AD_UNRECOGNIZED_NAME;
30 return 0;
31 }
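Review bot: In the `strlen(s->session->tlsext_hostname) != len` error branch, the added `s->session->tlsext_hostname = NULL;` is the only thing that keeps the session from holding a freed pointer after `return 0`, yet nothing in the code says so. A one-line comment above the assignment would stop a later cleanup from dropping it as redundant. The other error returns in this function lie outside the context shown and should be checked for the same free-without-reset pattern. The patch file would also benefit from a header line naming where the fix came from, since it starts directly at `Index: ssl/t1_lib.c`.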
32
33
34
35 1.1 dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-1672.patch
36
37 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-1672.patch?rev=1.1&view=markup
38 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-1672.patch?rev=1.1&content-type=text/plain
39
40 Index: openssl-0.9.8g-CVE-2008-1672.patch
41 ===================================================================
42 Index: ssl/s3_clnt.c
43 ===================================================================
44 RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v
45 retrieving revision 1.88.2.12
46 diff -u -r1.88.2.12 s3_clnt.c
47 --- ssl/s3_clnt.c 3 Nov 2007 13:07:39 -0000 1.88.2.12
48 +++ ssl/s3_clnt.c 22 May 2008 09:19:30 -0000
49 @@ -2061,6 +2061,13 @@
50 {
51 DH *dh_srvr,*dh_clnt;
52
53 + if (s->session->sess_cert == NULL)
54 + {
55 + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
56 + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
57 + goto err;
58 + }
59 +
60 if (s->session->sess_cert->peer_dh_tmp != NULL)
61 dh_srvr=s->session->sess_cert->peer_dh_tmp;
62 else
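Review bot: The new `s->session->sess_cert == NULL` check sits inside the block that declares `dh_srvr` and `dh_clnt`, so it protects only the `s->session->sess_cert->peer_dh_tmp` dereference that follows it. Any other key-exchange branch of this function that reads `s->session->sess_cert` is outside the hunk and should be confirmed to have its own guard, or the check should be hoisted above the branches so that it covers all of them. A short comment saying why a NULL `sess_cert` is treated as an unexpected-message condition would make the choice of `SSL_AD_UNEXPECTED_MESSAGE` and `SSL_R_UNEXPECTED_MESSAGE` self-explanatory.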
63
64
65
66 --
67 gentoo-commits@l.g.o mailing list