[arch-commits] Commit in openssl/trunk (PKGBUILD fix-double-free.patch)
Pierre Schmitz
pierre at archlinux.org
Tue Aug 10 10:56:06 UTC 2010
Date: Tuesday, August 10, 2010 @ 06:56:06
Author: pierre
Revision: 87052
fix double free issue in ssl3
see http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0085.html
Added:
openssl/trunk/fix-double-free.patch
Modified:
openssl/trunk/PKGBUILD
-----------------------+
PKGBUILD | 24 +++++++++++++++---------
fix-double-free.patch | 10 ++++++++++
2 files changed, 25 insertions(+), 9 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2010-08-10 02:33:33 UTC (rev 87051)
+++ PKGBUILD 2010-08-10 10:56:06 UTC (rev 87052)
@@ -5,7 +5,7 @@
_ver=1.0.0a
# use a pacman compatible version scheme
pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
-pkgrel=2
+pkgrel=3
pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security'
arch=('i686' 'x86_64')
url='https://www.openssl.org'
@@ -17,11 +17,13 @@
source=("https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz"
'fix-manpages.patch'
'no-rpath.patch'
- 'ca-dir.patch')
+ 'ca-dir.patch'
+ 'fix-double-free.patch')
md5sums=('e3873edfffc783624cfbdb65e2249cbd'
'f540cd9e0e3047d589d0581fe7a2d0f2'
'dc78d3d06baffc16217519242ce92478'
- '3bf51be3a1bbd262be46dc619f92aa90')
+ '3bf51be3a1bbd262be46dc619f92aa90'
+ 'ccb896e23a44b89a3c93ac094c592c1f')
# keep an upgrade path for older installations
PKGEXT='.pkg.tar.gz'
@@ -31,21 +33,25 @@
# avoid conflicts with other man pages
# see http://www.linuxfromscratch.org/patches/downloads/openssl/
- patch -p0 -i $srcdir/fix-manpages.patch || return 1
+ patch -p0 -i $srcdir/fix-manpages.patch
# remove rpath: http://bugs.archlinux.org/task/14367
- patch -p0 -i $srcdir/no-rpath.patch || return 1
+ patch -p0 -i $srcdir/no-rpath.patch
# set ca dir to /etc/ssl by default
- patch -p0 -i $srcdir/ca-dir.patch || return 1
+ patch -p0 -i $srcdir/ca-dir.patch
+ # fix double free
+ # see http://marc.info/?l=openssl-dev&m=128118163216952&w=2
+ # and http://marc.info/?l=openssl-dev&m=128128256314328&w=2
+ patch -p0 -i $srcdir/fix-double-free.patch
# mark stack as non-executable: http://bugs.archlinux.org/task/12434
./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
- shared zlib enable-md2 -Wa,--noexecstack || return 1
+ shared zlib enable-md2 -Wa,--noexecstack
- make || return 1
+ make
# the test fails due to missing write permissions in /etc/ssl
# revert this patch for make test
#patch -p0 -R -i $srcdir/ca-dir.patch
- #make test || return 1
+ #make test
#patch -p0 -i $srcdir/ca-dir.patch
}
Added: fix-double-free.patch
===================================================================
--- fix-double-free.patch (rev 0)
+++ fix-double-free.patch 2010-08-10 10:56:06 UTC (rev 87052)
@@ -0,0 +1,10 @@
+--- ssl/s3_clnt.c.orig Sun Feb 28 01:24:24 2010
++++ ssl/s3_clnt.c Sun Aug 8 14:49:30 2010
+@@ -1508,6 +1508,7 @@
+ s->session->sess_cert->peer_ecdh_tmp=ecdh;
+ ecdh=NULL;
+ BN_CTX_free(bn_ctx);
++ bn_ctx = NULL;
+ EC_POINT_free(srvr_ecpoint);
+ srvr_ecpoint = NULL;
+ }
More information about the arch-commits
mailing list