[package] openssl: add patch for CVE-2010-0740 ("Record of death") vulnerability

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20592 3c298f89-4303-0410-b956-a3cf2f4a3e73

diff --git a/package/openssl/Makefile b/package/openssl/Makefile
index e7a74905fd00b950f5078f4362430c6e4b499fa8..9f80a98f3982c2ecb8e90fdc2ddf655fe06b556a 100644 (file)
--- a/package/openssl/Makefile
+++ b/package/openssl/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssl
 PKG_VERSION:=0.9.8m
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://www.openssl.org/source/ \

diff --git a/package/openssl/patches/400-cve-2010-0740.patch b/package/openssl/patches/400-cve-2010-0740.patch
new file mode 100644 (file)
index 0000000..4c893eb
--- /dev/null
+++ b/package/openssl/patches/400-cve-2010-0740.patch
@@ -0,0 +1,15 @@
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -291,9 +291,9 @@ again:
+                       if (version != s->version)
+                               {
+                               SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
+-                              /* Send back error using their
+-                               * version number :-) */
+-                              s->version=version;
++                                if ((s->version & 0xFF00) == (version & 0xFF00))
++                                      /* Send back error using their minor version number :-) */
++                                      s->version = (unsigned short)version;
+                               al=SSL_AD_PROTOCOL_VERSION;
+                               goto f_err;
+                               }