From: Roman I Khimov <khimov@altell.ru>
Date: Mon, 13 Sep 2010 14:39:40 +0000 (+0400)
Subject: openssl 1.0.0a: fix CVE-2010-2939
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=36f96bf1d65ed49943e3ca1abae1ad386730ba0c;p=openembedded.git

openssl 1.0.0a: fix CVE-2010-2939

0.9.8 is also affected, please try the same patch if using that.

Signed-off-by: Roman I Khimov <khimov@altell.ru>
---

diff --git a/recipes/openssl/openssl-1.0.0a/openssl-fix-ssl3_get_key_exchange-double-free.patch b/recipes/openssl/openssl-1.0.0a/openssl-fix-ssl3_get_key_exchange-double-free.patch
new file mode 100644
index 0000000000..4e988498a3
--- /dev/null
+++ b/recipes/openssl/openssl-1.0.0a/openssl-fix-ssl3_get_key_exchange-double-free.patch
@@ -0,0 +1,12 @@
+Index: openssl-1.0.0a/ssl/s3_clnt.c
+===================================================================
+--- openssl-1.0.0a.orig/ssl/s3_clnt.c	2010-09-13 18:38:01.000000000 +0400
++++ openssl-1.0.0a/ssl/s3_clnt.c	2010-09-13 18:38:35.000000000 +0400
+@@ -1508,6 +1508,7 @@
+ 		s->session->sess_cert->peer_ecdh_tmp=ecdh;
+ 		ecdh=NULL;
+ 		BN_CTX_free(bn_ctx);
++		bn_ctx = NULL;
+ 		EC_POINT_free(srvr_ecpoint);
+ 		srvr_ecpoint = NULL;
+ 		}
diff --git a/recipes/openssl/openssl_1.0.0a.bb b/recipes/openssl/openssl_1.0.0a.bb
index 8dc4b89491..cc3a8ab31c 100644
--- a/recipes/openssl/openssl_1.0.0a.bb
+++ b/recipes/openssl/openssl_1.0.0a.bb
@@ -4,7 +4,7 @@ require openssl.inc
 SRC_URI[src.md5sum] = "e3873edfffc783624cfbdb65e2249cbd"
 SRC_URI[src.sha256sum] = "18a9bd1fc02b8ef90dded34fafaa9089baaafef278a19fc4e89c2ab0dcf70f63"
 
-PR = "${INC_PR}.0"
+PR = "${INC_PR}.1"
 
 DEFAULT_PREFERENCE = "-1"
 
@@ -17,6 +17,7 @@ SRC_URI += "file://configure-targets.patch \
             file://oe-ldflags.patch \
 	    file://libdeps-first.patch \
 	    file://engines-install-in-libdir-ssl.patch \
+	    file://openssl-fix-ssl3_get_key_exchange-double-free.patch \
 	   "
 
 PARALLEL_MAKE = ""