cardoe 08/05/30 21:30:30 |
|
Added: openssl-0.9.8g-CVE-2008-0891.patch |
openssl-0.9.8g-CVE-2008-1672.patch |
Log: |
Security fix for CVE-2008-0891 & CVE-2008-1672. bug #223429 |
(Portage version: 2.1.5.2) |
|
Revision Changes Path |
1.1 dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-0891.patch |
|
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-0891.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-0891.patch?rev=1.1&content-type=text/plain |
|
Index: openssl-0.9.8g-CVE-2008-0891.patch |
=================================================================== |
Index: ssl/t1_lib.c |
=================================================================== |
RCS file: /e/openssl/cvs/openssl/ssl/t1_lib.c,v |
retrieving revision 1.13.2.8 |
diff -u -r1.13.2.8 t1_lib.c |
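--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -381,6 +381,7 @@
 s->session->tlsext_hostname[len]='\0';
 if (strlen(s->session->tlsext_hostname) != len) {
 OPENSSL_free(s->session->tlsext_hostname);
+ s->session->tlsext_hostname = NULL;
 *al = TLS1_AD_UNRECOGNIZED_NAME;
 return 0;
 }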
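Review bot: The added `s->session->tlsext_hostname = NULL;` after `OPENSSL_free()` carries no comment saying why the pointer must be cleared, and the reason is not visible in this hunk. Presumably the session's cleanup path releases `tlsext_hostname` again once the handshake is aborted, so leaving the stale pointer in place would turn the early return into a double free. A one-line comment such as `/* clear so session cleanup does not free the hostname a second time */` would keep the reset from being dropped in a later tidy-up. The enclosing function starts and ends outside the hunk, so any other error return there that frees this field should be checked for the same reset.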
|
|
|
1.1 dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-1672.patch |
|
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-1672.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-1672.patch?rev=1.1&content-type=text/plain |
|
Index: openssl-0.9.8g-CVE-2008-1672.patch |
=================================================================== |
Index: ssl/s3_clnt.c |
=================================================================== |
RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v |
retrieving revision 1.88.2.12 |
diff -u -r1.88.2.12 s3_clnt.c |
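--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -2061,6 +2061,13 @@
 {
 DH *dh_srvr,*dh_clnt;
 
+ if (s->session->sess_cert == NULL)
+ {
+ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+ goto err;
+ }
+
 if (s->session->sess_cert->peer_dh_tmp != NULL)
 dh_srvr=s->session->sess_cert->peer_dh_tmp;
 else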
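Review bot: The new `s->session->sess_cert == NULL` guard sits inside the DH branch only, so it protects the `peer_dh_tmp` reads in this hunk and nothing else. The function named in the error code, ssl3_send_client_key_exchange, continues outside the hunk. If its other key-exchange branches also read through `s->session->sess_cert`, a handshake in which the server omitted the messages that populate it would reach them with the same NULL pointer. Consider hoisting the check above the key-exchange dispatch or repeating it in each such branch, and document it with something like `/* sess_cert is only set once the server has sent its certificate or key exchange */` (wording to be confirmed against the code that allocates it).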
|
|
|
-- |
gentoo-commits@l.g.o mailing list |