- aliasing bug in engine loading, patch by IBM (#213216)

Tomáš Mráz 2006-11-02 21:16:00 +00:00
parent 98d8457650
commit a99897e811
2 changed files with 30 additions and 1 deletions


@ -0,0 +1,24 @@
This patch fixes a violation of the C aliasing rules that can cause
miscompilation with some compiler versions.
--- openssl-0.9.8b/crypto/dso/dso_dlfcn.c.orig 2006-10-30 18:21:35.000000000 +0100
+++ openssl-0.9.8b/crypto/dso/dso_dlfcn.c 2006-10-30 18:21:37.000000000 +0100
@@ -237,7 +237,7 @@ static void *dlfcn_bind_var(DSO *dso, co
static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
{
void *ptr;
- DSO_FUNC_TYPE sym, *tsym = &sym;
+ DSO_FUNC_TYPE sym;
if((dso == NULL) || (symname == NULL))
{
@@ -255,7 +255,7 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO
DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
return(NULL);
}
- *(void **)(tsym) = dlsym(ptr, symname);
+ sym = dlsym(ptr, symname);
if(sym == NULL)
{
DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);
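Review bot: The replacement line `sym = dlsym(ptr, symname);` in dlfcn_bind_func assigns the `void *` returned by dlsym() to a `DSO_FUNC_TYPE` with no cast, and ISO C has no implicit conversion from an object pointer to a function pointer, so strict or pedantic builds will diagnose it. Spell the conversion out as `sym = (DSO_FUNC_TYPE)dlsym(ptr, symname);`, which relies only on the POSIX guarantee that dlsym results convert to function pointers. A comment above it such as `/* assign by value; writing through a (void **) alias of sym breaks strict aliasing and the compiler may not see the store */` would stop the old form from being reintroduced. Going by the commit title, the returned pointer is used during engine loading, so a value the `sym == NULL` check reads before the store is visible would presumably be handed back to the caller as a callable address. The body of dlfcn_bind_func continues outside the two hunks shown.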


@ -21,7 +21,7 @@
Summary: The OpenSSL toolkit
Name: openssl
Version: 0.9.8b
Release: 8
Release: 9%{?dist}
Source: openssl-%{version}-usa.tar.bz2
Source1: hobble-openssl
Source2: Makefile.certificate
@ -60,6 +60,7 @@ Patch57: openssl-0.9.8b-cve-2006-2937.patch
Patch58: openssl-0.9.8b-cve-2006-2940.patch
Patch59: openssl-0.9.8b-cve-2006-3738.patch
Patch60: openssl-0.9.8b-cve-2006-4343.patch
Patch61: openssl-0.9.8b-aliasing-bug.patch
License: BSDish
Group: System Environment/Libraries
@ -129,6 +130,7 @@ from other formats to the formats used by the OpenSSL toolkit.
%patch58 -p0 -b .parasitic
%patch59 -p0 -b .shared-ciphers
%patch60 -p0 -b .client-dos
%patch61 -p1 -b .aliasing-bug
# Modify the various perl scripts to reference perl in the right location.
perl util/perlpath.pl `dirname %{__perl}`
@ -363,6 +365,9 @@ rm -rf $RPM_BUILD_ROOT/%{_bindir}/openssl_fips_fingerprint
%postun -p /sbin/ldconfig
%changelog
* Thu Nov 2 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-9
- aliasing bug in engine loading, patch by IBM (#213216)
* Mon Oct 2 2006 Tomas Mraz <tmraz@redhat.com> 0.9.8b-8
- CVE-2006-2940 fix was incorrect (#208744)