[arch-commits] Commit in openssl/trunk (PKGBUILD fix-double-free.patch)

Pierre Schmitz pierre at archlinux.org
Tue Aug 10 10:56:06 UTC 2010


    Date: Tuesday, August 10, 2010 @ 06:56:06
  Author: pierre
Revision: 87052

fix double free issue in ssl3

see http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0085.html

Added:
  openssl/trunk/fix-double-free.patch
Modified:
  openssl/trunk/PKGBUILD

-----------------------+
 PKGBUILD              |   24 +++++++++++++++---------
 fix-double-free.patch |   10 ++++++++++
 2 files changed, 25 insertions(+), 9 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2010-08-10 02:33:33 UTC (rev 87051)
+++ PKGBUILD	2010-08-10 10:56:06 UTC (rev 87052)
@@ -5,7 +5,7 @@
 _ver=1.0.0a
 # use a pacman compatible version scheme
 pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
-pkgrel=2
+pkgrel=3
 pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security'
 arch=('i686' 'x86_64')
 url='https://www.openssl.org'
@@ -17,11 +17,13 @@
 source=("https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz"
         'fix-manpages.patch'
         'no-rpath.patch'
-        'ca-dir.patch')
+        'ca-dir.patch'
+        'fix-double-free.patch')
 md5sums=('e3873edfffc783624cfbdb65e2249cbd'
          'f540cd9e0e3047d589d0581fe7a2d0f2'
          'dc78d3d06baffc16217519242ce92478'
-         '3bf51be3a1bbd262be46dc619f92aa90')
+         '3bf51be3a1bbd262be46dc619f92aa90'
+         'ccb896e23a44b89a3c93ac094c592c1f')
 
 # keep an upgrade path for older installations
 PKGEXT='.pkg.tar.gz'
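Review bot: The new `fix-double-free.patch` entry is pinned only by an MD5 digest, like the upstream tarball above it, and MD5 does not resist deliberate collisions. Since this release exists to ship a security fix, a `sha256sums=(...)` array, which makepkg accepts in place of or alongside `md5sums`, would give source verification real tamper resistance. The digests would have to be regenerated from the actual files, for example with `makepkg -g`, not copied by hand.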
@@ -31,21 +33,25 @@
 
 	# avoid conflicts with other man pages
 	# see http://www.linuxfromscratch.org/patches/downloads/openssl/
-	patch -p0 -i $srcdir/fix-manpages.patch || return 1
+	patch -p0 -i $srcdir/fix-manpages.patch
 	# remove rpath: http://bugs.archlinux.org/task/14367
-	patch -p0 -i $srcdir/no-rpath.patch || return 1
+	patch -p0 -i $srcdir/no-rpath.patch
 	# set ca dir to /etc/ssl by default
-	patch -p0 -i $srcdir/ca-dir.patch || return 1
+	patch -p0 -i $srcdir/ca-dir.patch
+	# fix double free
+	# see http://marc.info/?l=openssl-dev&m=128118163216952&w=2
+	# and http://marc.info/?l=openssl-dev&m=128128256314328&w=2
+	patch -p0 -i $srcdir/fix-double-free.patch
 	# mark stack as non-executable: http://bugs.archlinux.org/task/12434
 	./config --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
-		shared zlib enable-md2 -Wa,--noexecstack || return 1
+		shared zlib enable-md2 -Wa,--noexecstack
 
-	make || return 1
+	make
 
 	# the test fails due to missing write permissions in /etc/ssl
 	# revert this patch for make test
 	#patch -p0 -R -i $srcdir/ca-dir.patch
-	#make test || return 1
+	#make test
 	#patch -p0 -i $srcdir/ca-dir.patch
 }
 
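Review bot: Dropping `|| return 1` from every step means a failed `patch -p0 -i $srcdir/fix-double-free.patch` aborts the build only if makepkg itself stops build() on the first non-zero exit. Presumably that is the intent, but on a makepkg without that behaviour the package would build and ship without the double-free fix. A comment such as `# relies on makepkg aborting build() on any failing command` would record the assumption. Separately, `$srcdir` is unquoted on the new line; `patch -p0 -i "$srcdir/fix-double-free.patch"` is safer for build paths containing spaces. The test run stays commented out, so nothing here exercises the patched code, and the enclosing function starts above the hunk.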

Added: fix-double-free.patch
===================================================================
--- fix-double-free.patch	                        (rev 0)
+++ fix-double-free.patch	2010-08-10 10:56:06 UTC (rev 87052)
@@ -0,0 +1,10 @@
+--- ssl/s3_clnt.c.orig	Sun Feb 28 01:24:24 2010
++++ ssl/s3_clnt.c	Sun Aug  8 14:49:30 2010
+@@ -1508,6 +1508,7 @@
+ 		s->session->sess_cert->peer_ecdh_tmp=ecdh;
+ 		ecdh=NULL;
+ 		BN_CTX_free(bn_ctx);
++		bn_ctx = NULL;
+ 		EC_POINT_free(srvr_ecpoint);
+ 		srvr_ecpoint = NULL;
+ 		}
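Review bot: The patch file has no description header, so the reason for the one added line `bn_ctx = NULL;` is recorded only in the PKGBUILD comment. Text before the first `---` line is ignored by patch(1), so a short header could read `Clear bn_ctx after BN_CTX_free() so a later cleanup path cannot free it a second time; drop once upstream ships the fix.` The md5sums entry in the PKGBUILD would need regenerating after that edit. The cleanup path itself is outside the hunk; presumably it calls BN_CTX_free(bn_ctx) again on error, as the neighbouring `ecdh=NULL` and `srvr_ecpoint = NULL` resets suggest, but that cannot be confirmed from these lines.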



