Merge branch 'debian'

[hcoop/debian/exim4.git] / debian / patches / 84_02-CVE-2020-28018-Use-after-free-in-tls-openssl.c.patch

diff --git a/debian/patches/84_02-CVE-2020-28018-Use-after-free-in-tls-openssl.c.patch b/debian/patches/84_02-CVE-2020-28018-Use-after-free-in-tls-openssl.c.patch
new file mode 100644 (file)
index 0000000..3a488b3
--- /dev/null
+++ b/debian/patches/84_02-CVE-2020-28018-Use-after-free-in-tls-openssl.c.patch
@@ -0,0 +1,33 @@
+From 86cafc842feb6223476568921c2d3e06c706cc31 Mon Sep 17 00:00:00 2001
+From: Qualys Security Advisory <qsa@qualys.com>
+Date: Sun, 21 Feb 2021 19:05:56 -0800
+Subject: [PATCH 02/29] CVE-2020-28018: Use-after-free in tls-openssl.c
+
+---
+ src/tls-openssl.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/src/tls-openssl.c b/src/tls-openssl.c
+index e751edd9a..2a8d4cabd 100644
+--- a/src/tls-openssl.c
++++ b/src/tls-openssl.c
+@@ -2910,16 +2910,12 @@ a store reset there, so use POOL_PERM. */
+ 
+ if (!ct_ctx && (more || corked))
+   {
+-#ifdef EXPERIMENTAL_PIPE_CONNECT
+   int save_pool = store_pool;
+   store_pool = POOL_PERM;
+-#endif
+ 
+   corked = string_catn(corked, buff, len);
+ 
+-#ifdef EXPERIMENTAL_PIPE_CONNECT
+   store_pool = save_pool;
+-#endif
+ 
+   if (more)
+     {
+-- 
+2.30.2
+