Revision: 7521
http://sourceforge.net/p/ipcop/svn/7521
Author: owes
Date: 2014-05-04 18:44:25 +0000 (Sun, 04 May 2014)
Log Message:
-----------
Patch openssl for CVE-2010-5298
Modified Paths:
--------------
ipcop/trunk/lfs/openssl
ipcop/trunk/updates/2.1.6/ROOTFILES.i486-2.1.6
ipcop/trunk/updates/2.1.6/information.xml
Added Paths:
-----------
ipcop/trunk/src/patches/openssl-1.0.1g_CVE-2010-5298.patch
Modified: ipcop/trunk/lfs/openssl
===================================================================
--- ipcop/trunk/lfs/openssl 2014-05-04 18:36:35 UTC (rev 7520)
+++ ipcop/trunk/lfs/openssl 2014-05-04 18:44:25 UTC (rev 7521)
@@ -81,6 +81,7 @@
$(TARGET) : $(firstword $(MAKEFILE_LIST)) $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && patch -p1 -i
$(DIR_PATCHES)/$(THISAPP)_CVE-2010-5298.patch
# Let still use our CFLAG but give the -O3 the developpers coded for
cd $(DIR_APP) && sed -i -e 's/-O3/$(CFLAGS) -O3/' Configure
Added: ipcop/trunk/src/patches/openssl-1.0.1g_CVE-2010-5298.patch
===================================================================
--- ipcop/trunk/src/patches/openssl-1.0.1g_CVE-2010-5298.patch
(rev 0)
+++ ipcop/trunk/src/patches/openssl-1.0.1g_CVE-2010-5298.patch 2014-05-04
18:44:25 UTC (rev 7521)
@@ -0,0 +1,27 @@
+From db978be7388852059cf54e42539a363d549c5bfd Mon Sep 17 00:00:00 2001
+From: Kurt Roeckx <k...@roeckx.be>
+Date: Sun, 13 Apr 2014 15:05:30 +0200
+Subject: [PATCH] Don't release the buffer when there still is data in it
+
+RT: 2167, 3265
+---
+ ssl/s3_pkt.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index b9e45c7..32e9207 100644
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -1055,7 +1055,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char
*buf, int len, int peek)
+ {
+ s->rstate=SSL_ST_READ_HEADER;
+ rr->off=0;
+- if (s->mode & SSL_MODE_RELEASE_BUFFERS)
++ if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
++ s->s3->rbuf.left == 0)
+ ssl3_release_read_buffer(s);
+ }
+ }
+--
+1.9.1
+
Modified: ipcop/trunk/updates/2.1.6/ROOTFILES.i486-2.1.6
===================================================================
--- ipcop/trunk/updates/2.1.6/ROOTFILES.i486-2.1.6 2014-05-04 18:36:35 UTC
(rev 7520)
+++ ipcop/trunk/updates/2.1.6/ROOTFILES.i486-2.1.6 2014-05-04 18:44:25 UTC
(rev 7521)
@@ -3,6 +3,9 @@
/etc/logrotate.d/squidGuard
/home/httpd/cgi-bin/proxy.cgi
##
+## openssl patched
+/usr/lib/libssl.so.1.0.0
+##
## openswan patched
/usr/libexec/ipsec/addconn
/usr/libexec/ipsec/pluto
Modified: ipcop/trunk/updates/2.1.6/information.xml
===================================================================
--- ipcop/trunk/updates/2.1.6/information.xml 2014-05-04 18:36:35 UTC (rev
7520)
+++ ipcop/trunk/updates/2.1.6/information.xml 2014-05-04 18:44:25 UTC (rev
7521)
@@ -5,6 +5,7 @@
<size>0</size>
<isoimages>no</isoimages>
<description>
+ Patch openssl for CVE-2010-5298.<br />
Upgrade squid to 3.4.5.
</description>
<previousversion>2.1.5</previousversion>
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos. Get
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Ipcop-svn mailing list
Ipcop-svn@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipcop-svn
