The current debdiff we'd like to upload is:
diff -Nru openssl-1.0.1t/debian/changelog openssl-1.0.1t/debian/changelog
--- openssl-1.0.1t/debian/changelog     2016-05-15 21:16:55.000000000 +0200
+++ openssl-1.0.1t/debian/changelog     2016-06-11 19:18:11.000000000 +0200
@@ -1,3 +1,14 @@
+openssl (1.0.1t-1+deb8u3) jessie; urgency=medium
+
+  [ Kurt Roeckx ]
+  * Fix length check for CRLs. (Closes: #826552)
+
+  [ Sebastian Andrzej Siewior ]
+  * Enable asm optimisation for s390x. Patch by Dimitri John Ledkov.
+    (Closes: #833156).
+
+ -- Kurt Roeckx <k...@roeckx.be>  Sat, 11 Jun 2016 19:18:11 +0200
+
 openssl (1.0.1t-1+deb8u2) jessie; urgency=medium
 
   * add Update-S-MIME-certificates.patch to update expired certificates to
diff -Nru openssl-1.0.1t/debian/patches/debian-targets.patch 
openssl-1.0.1t/debian/patches/debian-targets.patch
--- openssl-1.0.1t/debian/patches/debian-targets.patch  2016-05-01 
23:53:42.000000000 +0200
+++ openssl-1.0.1t/debian/patches/debian-targets.patch  2016-06-11 
19:18:11.000000000 +0200
@@ -56,7 +56,7 @@
 +"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK 
DES_RISC1 
DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK 
DES_RISC1 
DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-s390","gcc:-DB_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT 
DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
-+"debian-s390x","gcc:-DB_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK 
DES_INT 
DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-s390x","gcc:-DB_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK 
DES_INT 
DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-sh3",   "gcc:-DL_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-sh4",   "gcc:-DL_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"debian-sh3eb",   "gcc:-DB_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
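Review bot: The new `debian-s390x` entry switches to `${s390x_asm}:64` but still leaves the compiler flags and the shared-link flag field without `-m64`, whereas the `debian-ppc64` and `debian-ppc64el` entries just above pass `-m64` in both places. The 64-bit assembler flavour therefore depends on the toolchain defaulting to a 64-bit ABI, which is probably true for this port but is not stated anywhere in the hunk. Since this moves the library from the C code paths to assembler ones in a stable update, the patch header or changelog entry should record that the package test suite was run on s390x with this target.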
diff -Nru openssl-1.0.1t/debian/patches/Fix-name-length-limit-check.patch 
openssl-1.0.1t/debian/patches/Fix-name-length-limit-check.patch
--- openssl-1.0.1t/debian/patches/Fix-name-length-limit-check.patch     
1970-01-01 01:00:00.000000000 +0100
+++ openssl-1.0.1t/debian/patches/Fix-name-length-limit-check.patch     
2016-06-11 19:16:05.000000000 +0200
@@ -0,0 +1,40 @@
+From b583c1bd069f6928c3973dc6d6864930f6c4bb3e Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <st...@openssl.org>
+Date: Wed, 4 May 2016 16:09:06 +0100
+Subject: [PATCH] Fix name length limit check.
+
+The name length limit check in x509_name_ex_d2i() includes
+the containing structure as well as the actual X509_NAME. This will
+cause large CRLs to be rejected.
+
+Fix by limiting the length passed to ASN1_item_ex_d2i() which will
+then return an error if the passed X509_NAME exceeds the length.
+
+RT#4531
+
+Reviewed-by: Rich Salz <rs...@openssl.org>
+(cherry picked from commit 4e0d184ac1dde845ba9574872e2ae5c903c81dff)
+---
+ crypto/asn1/x_name.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/crypto/asn1/x_name.c b/crypto/asn1/x_name.c
+index a858c29..26378fd 100644
+--- a/crypto/asn1/x_name.c
++++ b/crypto/asn1/x_name.c
+@@ -199,10 +199,8 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
+     int i, j, ret;
+     STACK_OF(X509_NAME_ENTRY) *entries;
+     X509_NAME_ENTRY *entry;
+-    if (len > X509_NAME_MAX) {
+-        ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG);
+-        return 0;
+-    }
++    if (len > X509_NAME_MAX)
++        len = X509_NAME_MAX;
+     q = p;
+ 
+     /* Get internal representation of Name */
+-- 
+2.8.1
+
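Review bot: The clamp `if (len > X509_NAME_MAX) len = X509_NAME_MAX;` in x509_name_ex_d2i() carries no comment, so a later reader cannot tell from the code that the size limit is still enforced. Per the patch description, an over-long X509_NAME is now expected to fail inside ASN1_item_ex_d2i() because the decoder is handed a capped length; I would say so next to the clamp, e.g. `/* len may cover the enclosing structure; cap it so an over-long name fails in ASN1_item_ex_d2i() */`. The explicit `ASN1err(ASN1_F_X509_NAME_EX_D2I, ASN1_R_TOO_LONG)` is removed, so the error a caller or log sees for an over-long name presumably becomes whatever the decoder reports; it is worth confirming that nothing matches on the old reason code. The function body continues outside the hunk, so the decoder call itself is not visible here.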
diff -Nru openssl-1.0.1t/debian/patches/series 
openssl-1.0.1t/debian/patches/series
--- openssl-1.0.1t/debian/patches/series        2016-05-15 21:16:55.000000000 
+0200
+++ openssl-1.0.1t/debian/patches/series        2016-06-11 19:18:11.000000000 
+0200
@@ -20,3 +20,4 @@
 openssl_fix_for_x32.patch
 ppc64el.patch
 Update-S-MIME-certificates.patch
+Fix-name-length-limit-check.patch
