public inbox for gentoo-commits@lists.gentoo.org
From: "Doug Goldstein (cardoe)" <cardoe@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] gentoo-x86 commit in dev-libs/openssl/files: openssl-0.9.8g-CVE-2008-0891.patch openssl-0.9.8g-CVE-2008-1672.patch
Date: Fri, 30 May 2008 21:30:30 +0000
Message-ID: <E1K2CBC-0002vw-DP@stork.gentoo.org>

cardoe      08/05/30 21:30:30

  Added:                openssl-0.9.8g-CVE-2008-0891.patch
                        openssl-0.9.8g-CVE-2008-1672.patch
  Log:
  Security fix for CVE-2008-0891 & CVE-2008-1672. bug #223429
  (Portage version: 2.1.5.2)

Revision  Changes    Path
1.1                  dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-0891.patch

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-0891.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-0891.patch?rev=1.1&content-type=text/plain

Index: openssl-0.9.8g-CVE-2008-0891.patch
===================================================================
Index: ssl/t1_lib.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/t1_lib.c,v
retrieving revision 1.13.2.8
diff -u -r1.13.2.8 t1_lib.c
--- ssl/t1_lib.c	18 Oct 2007 11:39:11 -0000	1.13.2.8
+++ ssl/t1_lib.c	18 Mar 2008 12:06:58 -0000
@@ -381,6 +381,7 @@
 						s->session->tlsext_hostname[len]='\0';
 						if (strlen(s->session->tlsext_hostname) != len) {
 							OPENSSL_free(s->session->tlsext_hostname);
+							s->session->tlsext_hostname = NULL;
 							*al = TLS1_AD_UNRECOGNIZED_NAME;
 							return 0;
 						}
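
Review bot: The added `s->session->tlsext_hostname = NULL;` in the `strlen(...) != len` branch has no comment saying why it is needed, and it covers only this one error path. The field belongs to the session, which outlives this `return 0`, so anything that later frees or reads `s->session->tlsext_hostname` would otherwise see the already-freed pointer. A one-line comment to that effect would keep the assignment from being dropped in a later cleanup. It is also worth checking every other place that calls `OPENSSL_free` on this field and returns early, so that each one clears the pointer the same way.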



1.1                  dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-1672.patch

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-1672.patch?rev=1.1&view=markup
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-libs/openssl/files/openssl-0.9.8g-CVE-2008-1672.patch?rev=1.1&content-type=text/plain

Index: openssl-0.9.8g-CVE-2008-1672.patch
===================================================================
Index: ssl/s3_clnt.c
===================================================================
RCS file: /e/openssl/cvs/openssl/ssl/s3_clnt.c,v
retrieving revision 1.88.2.12
diff -u -r1.88.2.12 s3_clnt.c
--- ssl/s3_clnt.c	3 Nov 2007 13:07:39 -0000	1.88.2.12
+++ ssl/s3_clnt.c	22 May 2008 09:19:30 -0000
@@ -2061,6 +2061,13 @@
 			{
 			DH *dh_srvr,*dh_clnt;
 
+                        if (s->session->sess_cert == NULL) 
+                                {
+                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE);
+                                SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE);
+                                goto err;
+                                }
+
 			if (s->session->sess_cert->peer_dh_tmp != NULL)
 				dh_srvr=s->session->sess_cert->peer_dh_tmp;
 			else
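
Review bot: The new `if (s->session->sess_cert == NULL)` guard sits inside the block that declares `DH *dh_srvr,*dh_clnt`, so it protects only the dereference of `sess_cert->peer_dh_tmp` that follows it. If other key-exchange branches of this function also read `s->session->sess_cert`, they need the same check, or the check should be hoisted above the branches so a missing `sess_cert` is rejected once. On style, the added lines are indented with spaces while the surrounding context uses tabs, and the `if` line carries trailing whitespace after the closing parenthesis; matching the file's tab indentation would keep later diffs against upstream clean.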



-- 
gentoo-commits@lists.gentoo.org mailing list


