Add some patches from upstream #270305.

(Portage version: 2.2_rc46/cvs/Linux x86_64)

5 files changed, 108 insertions, 2 deletions

diff --git a/dev-libs/openssl/ChangeLog b/dev-libs/openssl/ChangeLog
index f8ea2efaca13..17e125911255 100644
--- a/dev-libs/openssl/ChangeLog
+++ b/dev-libs/openssl/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for dev-libs/openssl
 # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.296 2009/11/05 19:56:15 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.297 2009/11/05 20:08:49 vapier Exp $
+
+  05 Nov 2009; Mike Frysinger <vapier@gentoo.org> openssl-0.9.8l.ebuild,
+  +files/openssl-0.9.8l-CVE-2009-1377.patch,
+  +files/openssl-0.9.8l-CVE-2009-1378.patch,
+  +files/openssl-0.9.8l-CVE-2009-1379.patch:
+  Add some patches from upstream #270305.
 
 *openssl-0.9.8l (05 Nov 2009)
 
diff --git a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1377.patch b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1377.patch
new file mode 100644
index 000000000000..761698e0f1d4
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1377.patch
@@ -0,0 +1,53 @@
+http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
+
+Index: openssl/crypto/pqueue/pqueue.c
+RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v
+rcsdiff -q -kk '-r1.2.2.4' '-r1.2.2.5' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v' 2>/dev/null
+--- crypto/pqueue/pqueue.c	2005/06/28 12:53:33	1.2.2.4
++++ crypto/pqueue/pqueue.c	2009/05/16 16:18:44	1.2.2.5
+@@ -234,3 +234,17 @@
+ 
+ 	return ret;
+ 	}
++
++int
++pqueue_size(pqueue_s *pq)
++{
++	pitem *item = pq->items;
++	int count = 0;
++	
++	while(item != NULL)
++	{
++		count++;
++		item = item->next;
++	}
++	return count;
++}
+Index: openssl/crypto/pqueue/pqueue.h
+RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v
+rcsdiff -q -kk '-r1.2.2.1' '-r1.2.2.2' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v' 2>/dev/null
+--- crypto/pqueue/pqueue.h	2005/05/30 22:34:27	1.2.2.1
++++ crypto/pqueue/pqueue.h	2009/05/16 16:18:44	1.2.2.2
+@@ -91,5 +91,6 @@
+ pitem *pqueue_next(piterator *iter);
+ 
+ void   pqueue_print(pqueue pq);
++int    pqueue_size(pqueue pq);
+ 
+ #endif /* ! HEADER_PQUEUE_H */
+Index: openssl/ssl/d1_pkt.c
+RCS File: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v
+rcsdiff -q -kk '-r1.4.2.17' '-r1.4.2.18' -u '/v/openssl/cvs/openssl/ssl/d1_pkt.c,v' 2>/dev/null
+--- ssl/d1_pkt.c	2009/05/16 15:51:59	1.4.2.17
++++ ssl/d1_pkt.c	2009/05/16 16:18:45	1.4.2.18
+@@ -167,6 +167,10 @@
+     DTLS1_RECORD_DATA *rdata;
+ 	pitem *item;
+ 
++	/* Limit the size of the queue to prevent DOS attacks */
++	if (pqueue_size(queue->q) >= 100)
++		return 0;
++		
+ 	rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
+ 	item = pitem_new(priority, rdata);
+ 	if (rdata == NULL || item == NULL)
diff --git a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1378.patch b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1378.patch
new file mode 100644
index 000000000000..f111a4c086e8
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1378.patch
@@ -0,0 +1,24 @@
+http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
+
+Index: ssl/d1_both.c
+===================================================================
+--- ssl/d1_both.c.orig
++++ ssl/d1_both.c
+@@ -561,7 +561,16 @@ dtls1_process_out_of_seq_message(SSL *s,
+ 	if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
+ 		goto err;
+ 
+-	if (msg_hdr->seq <= s->d1->handshake_read_seq)
++	/* Try to find item in queue, to prevent duplicate entries */
++	pq_64bit_init(&seq64);
++	pq_64bit_assign_word(&seq64, msg_hdr->seq);
++	item = pqueue_find(s->d1->buffered_messages, seq64);
++	pq_64bit_free(&seq64);
++	
++	/* Discard the message if sequence number was already there, is
++	 * too far in the future or the fragment is already in the queue */
++	if (msg_hdr->seq <= s->d1->handshake_read_seq ||
++		msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL)
+ 		{
+ 		unsigned char devnull [256];
+ 
diff --git a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1379.patch b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1379.patch
new file mode 100644
index 000000000000..706732435097
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1379.patch
@@ -0,0 +1,22 @@
+Index: openssl/ssl/d1_both.c
+RCS File: /v/openssl/cvs/openssl/ssl/d1_both.c,v
+rcsdiff -q -kk '-r1.14.2.6' '-r1.14.2.7' -u '/v/openssl/cvs/openssl/ssl/d1_both.c,v' 2>/dev/null
+--- d1_both.c	2009/04/22 12:17:02	1.14.2.6
++++ d1_both.c	2009/05/13 11:51:30	1.14.2.7
+@@ -519,6 +519,7 @@
+ 
+ 	if ( s->d1->handshake_read_seq == frag->msg_header.seq)
+ 		{
++		unsigned long frag_len = frag->msg_header.frag_len;
+ 		pqueue_pop(s->d1->buffered_messages);
+ 
+ 		al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
+@@ -536,7 +537,7 @@
+ 		if (al==0)
+ 			{
+ 			*ok = 1;
+-			return frag->msg_header.frag_len;
++			return frag_len;
+ 			}
+ 
+ 		ssl3_send_alert(s,SSL3_AL_FATAL,al);
diff --git a/dev-libs/openssl/openssl-0.9.8l.ebuild b/dev-libs/openssl/openssl-0.9.8l.ebuild
index 679229e8e34b..716504ba759d 100644
--- a/dev-libs/openssl/openssl-0.9.8l.ebuild
+++ b/dev-libs/openssl/openssl-0.9.8l.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2009 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8l.ebuild,v 1.1 2009/11/05 19:56:15 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8l.ebuild,v 1.2 2009/11/05 20:08:49 vapier Exp $
 
 inherit eutils flag-o-matic toolchain-funcs
 
@@ -38,6 +38,7 @@ src_unpack() {
 	#epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch
 	epatch "${FILESDIR}"/${PN}-0.9.8g-sslv3-no-tlsext.patch
 	#epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438
+	epatch "${FILESDIR}"/${PN}-0.9.8l-CVE-2009-137{7,8,9}.patch #270305
 	sed -i -e '/DIRS/ s/ fips / /g' Makefile{,.org} \
 		|| die "Removing fips from openssl failed."