openssl 1.0.0a: fix CVE-2010-2939

0.9.8 is also affected, please try the same patch if using that.

Signed-off-by: Roman I Khimov <khimov@altell.ru>

diff --git a/recipes/openssl/openssl-1.0.0a/openssl-fix-ssl3_get_key_exchange-double-free.patch b/recipes/openssl/openssl-1.0.0a/openssl-fix-ssl3_get_key_exchange-double-free.patch
new file mode 100644 (file)
index 0000000..4e98849
--- /dev/null
+++ b/recipes/openssl/openssl-1.0.0a/openssl-fix-ssl3_get_key_exchange-double-free.patch
@@ -0,0 +1,12 @@
+Index: openssl-1.0.0a/ssl/s3_clnt.c
+===================================================================
+--- openssl-1.0.0a.orig/ssl/s3_clnt.c  2010-09-13 18:38:01.000000000 +0400
++++ openssl-1.0.0a/ssl/s3_clnt.c       2010-09-13 18:38:35.000000000 +0400
+@@ -1508,6 +1508,7 @@
+               s->session->sess_cert->peer_ecdh_tmp=ecdh;
+               ecdh=NULL;
+               BN_CTX_free(bn_ctx);
++              bn_ctx = NULL;
+               EC_POINT_free(srvr_ecpoint);
+               srvr_ecpoint = NULL;
+               }

diff --git a/recipes/openssl/openssl_1.0.0a.bb b/recipes/openssl/openssl_1.0.0a.bb
index 8dc4b89..cc3a8ab 100644 (file)
--- a/recipes/openssl/openssl_1.0.0a.bb
+++ b/recipes/openssl/openssl_1.0.0a.bb
@@ -4,7 +4,7 @@ require openssl.inc
 SRC_URI[src.md5sum] = "e3873edfffc783624cfbdb65e2249cbd"
 SRC_URI[src.sha256sum] = "18a9bd1fc02b8ef90dded34fafaa9089baaafef278a19fc4e89c2ab0dcf70f63"
 
-PR = "${INC_PR}.0"
+PR = "${INC_PR}.1"
 
 DEFAULT_PREFERENCE = "-1"
 
@@ -17,6 +17,7 @@ SRC_URI += "file://configure-targets.patch \
             file://oe-ldflags.patch \
            file://libdeps-first.patch \
            file://engines-install-in-libdir-ssl.patch \
+           file://openssl-fix-ssl3_get_key_exchange-double-free.patch \
           "
 
 PARALLEL_MAKE = ""