openssl.patch openssl.spec

Christoph Schug Fri, 28 Sep 2007 09:18:25 -0700

  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________


  Server: cvs.openpkg.org                  Name:   Christoph Schug
  Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   28-Sep-2007 18:18:22
  Branch: HEAD                             Handle: 2007092817182200

  Modified files:
    openpkg-src/openssl     openssl.patch openssl.spec

  Log:
    lingering "security" fix

  Summary:
    Revision    Changes     Path
    1.29        +47 -0      openpkg-src/openssl/openssl.patch
    1.91        +1  -1      openpkg-src/openssl/openssl.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/openssl/openssl.patch
  ============================================================================
  $ cvs diff -u -r1.28 -r1.29 openssl.patch
  --- openpkg-src/openssl/openssl.patch 3 Jun 2007 09:44:19 -0000       1.28
  +++ openpkg-src/openssl/openssl.patch 28 Sep 2007 16:18:22 -0000      1.29
  @@ -481,4 +481,51 @@
    DIR=        des
    TOP=        ../..
    CC= cc
  +________________________________________________________________________
   
  +Lingering "security" fix
  +http://cvs.openssl.org/chngview?cn=16587
  +
  +Index: ssl/ssl_lib.c
  +--- ssl/ssl_lib.c.orig       2006-11-29 21:47:15 +0100
  ++++ ssl/ssl_lib.c    2007-09-28 18:11:48 +0200
  +@@ -1201,7 +1201,6 @@
  + char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
  +     {
  +     char *p;
  +-    const char *cp;
  +     STACK_OF(SSL_CIPHER) *sk;
  +     SSL_CIPHER *c;
  +     int i;
  +@@ -1214,20 +1213,21 @@
  +     sk=s->session->ciphers;
  +     for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
  +             {
  +-            /* Decrement for either the ':' or a '\0' */
  +-            len--;
  ++            int n;
  ++
  +             c=sk_SSL_CIPHER_value(sk,i);
  +-            for (cp=c->name; *cp; )
  ++            n=strlen(c->name);
  ++            if (n+1 > len)
  +                     {
  +-                    if (len-- <= 0)
  +-                            {
  +-                            *p='\0';
  +-                            return(buf);
  +-                            }
  +-                    else
  +-                            *(p++)= *(cp++);
  ++                    if (p != buf)
  ++                            --p;
  ++                    *p='\0';
  ++                    return buf;
  +                     }
  ++            strcpy(p,c->name);
  ++            p+=n;
  +             *(p++)=':';
  ++            len-=n+1;
  +             }
  +     p[-1]='\0';
  +     return(buf);
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/openssl/openssl.spec
  ============================================================================
  $ cvs diff -u -r1.90 -r1.91 openssl.spec
  --- openpkg-src/openssl/openssl.spec  26 Aug 2007 16:17:16 -0000      1.90
  +++ openpkg-src/openssl/openssl.spec  28 Sep 2007 16:18:22 -0000      1.91
  @@ -33,7 +33,7 @@
   Group:        SSL
   License:      BSD-style
   Version:      0.9.8e
  -Release:      20070826
  +Release:      20070928
   
   #   package options
   %option       with_zlib     no
  @@ .
______________________________________________________________________
OpenPKG                                             http://openpkg.org
CVS Repository Commit List                     openpkg-cvs@openpkg.org

[CVS] OpenPKG: openpkg-src/openssl/ openssl.patch openssl.spec

Reply via email to