[pkgsrc/trunk]: pkgsrc/security/openssl openssl: fix for CVE-2017-3735

[tez <tez%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/56fe7b3a3fee
branches:  trunk
changeset: 368933:56fe7b3a3fee
user:      tez <tez%pkgsrc.org@localhost>
date:      Fri Sep 22 21:02:43 2017 +0000

description:
openssl: fix for CVE-2017-3735

diffstat:

 security/openssl/Makefile                              |   3 +-
 security/openssl/distinfo                              |   3 +-
 security/openssl/patches/patch-crypto_x509v3_v3_addr.c |  25 ++++++++++++++++++
 3 files changed, 29 insertions(+), 2 deletions(-)

diffs (56 lines):

diff -r c89a41e18fc4 -r 56fe7b3a3fee security/openssl/Makefile
--- a/security/openssl/Makefile Fri Sep 22 20:18:54 2017 +0000
+++ b/security/openssl/Makefile Fri Sep 22 21:02:43 2017 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.231 2017/08/05 11:06:29 bsiegert Exp $
+# $NetBSD: Makefile,v 1.232 2017/09/22 21:02:43 tez Exp $
 
 DISTNAME=      openssl-1.0.2k
+PKGREVISION=   1
 CATEGORIES=    security
 MASTER_SITES=  https://www.openssl.org/source/
 
diff -r c89a41e18fc4 -r 56fe7b3a3fee security/openssl/distinfo
--- a/security/openssl/distinfo Fri Sep 22 20:18:54 2017 +0000
+++ b/security/openssl/distinfo Fri Sep 22 21:02:43 2017 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.127 2017/01/26 16:31:57 jperkin Exp $
+$NetBSD: distinfo,v 1.128 2017/09/22 21:02:43 tez Exp $
 
 SHA1 (openssl-1.0.2k.tar.gz) = 5f26a624479c51847ebd2f22bb9f84b3b44dcb44
 RMD160 (openssl-1.0.2k.tar.gz) = 56b70831e49f83987ec14b3878d0d693f9a7d862
@@ -11,4 +11,5 @@
 SHA1 (patch-config) = 345cadece3bdf0ef0a273a6c9ba6d0cbb1026a31
 SHA1 (patch-crypto_bn_bn__prime.pl) = a516f3709a862d85e659d466e895419b1e0a94c8
 SHA1 (patch-crypto_des_Makefile) = 7a23f9883ff6c93ec0e5d08e1332cc95de8cdba2
+SHA1 (patch-crypto_x509v3_v3_addr.c) = 0782668ce0748b58eda9036ee93fa926e575698b
 SHA1 (patch-tools_Makefile) = 67f0b9b501969382fd89b678c277d32bf5d294bc
diff -r c89a41e18fc4 -r 56fe7b3a3fee security/openssl/patches/patch-crypto_x509v3_v3_addr.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/openssl/patches/patch-crypto_x509v3_v3_addr.c    Fri Sep 22 21:02:43 2017 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-crypto_x509v3_v3_addr.c,v 1.1 2017/09/22 21:02:43 tez Exp $
+
+Patch for CVE-2017-3735 from 
+https://github.com/openssl/openssl/commit/31c8b265591a0aaa462a1f3eb5770661aaac67db
+
+
+--- crypto/x509v3/v3_addr.c
++++ crypto/x509v3/v3_addr.c
+@@ -130,10 +130,12 @@ static int length_from_afi(const unsigned afi)
+  */
+ unsigned int v3_addr_get_afi(const IPAddressFamily *f)
+ {
+-    return ((f != NULL &&
+-             f->addressFamily != NULL && f->addressFamily->data != NULL)
+-            ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
+-            : 0);
++    if (f == NULL
++            || f->addressFamily == NULL
++            || f->addressFamily->data == NULL
++            || f->addressFamily->length < 2)
++        return 0;
++    return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
+ }
+ 
+ /*