OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Christoph Schug
  Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   06-Sep-2006 09:20:48
  Branch: OPENPKG_2_5_SOLID                Handle: 2006090608204800

  Modified files:           (Branch: OPENPKG_2_5_SOLID)
    openpkg-src/openssl     openssl.patch openssl.spec

  Log:
    modifying package: openssl-0.9.8a 2.5.1 -> 2.5.2

  Summary:
    Revision    Changes     Path
    1.22.2.1    +76 -0      openpkg-src/openssl/openssl.patch
    1.70.2.3    +1  -1      openpkg-src/openssl/openssl.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/openssl/openssl.patch
  ============================================================================
  $ cvs diff -u -r1.22 -r1.22.2.1 openssl.patch
  --- openpkg-src/openssl/openssl.patch 11 Oct 2005 12:11:41 -0000      1.22
  +++ openpkg-src/openssl/openssl.patch 6 Sep 2006 07:20:48 -0000       1.22.2.1
  @@ -20,3 +20,79 @@
   +des_modes - the variants of DES and other crypto algorithms of OpenSSL
    
    =head1 DESCRIPTION
  +
  +-----------------------------------------------------------------------------
  +
  +RSA Signature Forgery (CVE-2006-4339)
  +
  +http://www.openssl.org/news/secadv_20060905.txt
  +http://www.openssl.org/news/patch-CVE-2006-4339.txt
  +
  +Index: crypto/rsa/rsa.h
  +--- crypto/rsa/rsa.h 9 Jan 2006 16:05:18 -0000       1.55.2.4
  ++++ crypto/rsa/rsa.h 4 Sep 2006 15:16:54 -0000
  +@@ -412,6 +412,7 @@
  + #define RSA_R_N_DOES_NOT_EQUAL_P_Q                   127
  + #define RSA_R_OAEP_DECODING_ERROR                    121
  + #define RSA_R_PADDING_CHECK_FAILED                   114
  ++#define RSA_R_PKCS1_PADDING_TOO_SHORT                        105
  + #define RSA_R_P_NOT_PRIME                            128
  + #define RSA_R_Q_NOT_PRIME                            129
  + #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED           130
  +Index: crypto/rsa/rsa_eay.c
  +--- crypto/rsa/rsa_eay.c     14 Jun 2006 08:51:40 -0000      1.46.2.4
  ++++ crypto/rsa/rsa_eay.c     4 Sep 2006 15:16:56 -0000
  +@@ -640,6 +640,15 @@
  +             {
  +     case RSA_PKCS1_PADDING:
  +             r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
  ++            /* Generally signatures should be at least 2/3 padding, though
  ++               this isn't possible for really short keys and some standard
  ++               signature schemes, so don't check if the unpadded data is
  ++               small. */
  ++            if(r > 42 && 3*8*r >= BN_num_bits(rsa->n))
  ++                    {
  ++                    RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, 
RSA_R_PKCS1_PADDING_TOO_SHORT);
  ++                    goto err;
  ++                    }
  +             break;
  +     case RSA_X931_PADDING:
  +             r=RSA_padding_check_X931(to,num,buf,i,num);
  +Index: crypto/rsa/rsa_err.c
  +--- crypto/rsa/rsa_err.c     9 Jan 2006 16:05:18 -0000       1.17.2.3
  ++++ crypto/rsa/rsa_err.c     4 Sep 2006 15:16:57 -0000
  +@@ -142,6 +142,7 @@
  + {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q)  ,"n does not equal p q"},
  + {ERR_REASON(RSA_R_OAEP_DECODING_ERROR)   ,"oaep decoding error"},
  + {ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  ,"padding check failed"},
  ++{ERR_REASON(RSA_R_PKCS1_PADDING_TOO_SHORT),"pkcs1 padding too short"},
  + {ERR_REASON(RSA_R_P_NOT_PRIME)           ,"p not prime"},
  + {ERR_REASON(RSA_R_Q_NOT_PRIME)           ,"q not prime"},
  + {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not 
supported"},
  +Index: crypto/rsa/rsa_sign.c
  +--- crypto/rsa/rsa_sign.c    26 Apr 2005 22:07:17 -0000      1.21
  ++++ crypto/rsa/rsa_sign.c    4 Sep 2006 15:16:57 -0000
  +@@ -185,6 +185,23 @@
  +             sig=d2i_X509_SIG(NULL,&p,(long)i);
  + 
  +             if (sig == NULL) goto err;
  ++
  ++            /* Excess data can be used to create forgeries */
  ++            if(p != s+i)
  ++                    {
  ++                    RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
  ++                    goto err;
  ++                    }
  ++
  ++            /* Parameters to the signature algorithm can also be used to
  ++               create forgeries */
  ++            if(sig->algor->parameter
  ++               && sig->algor->parameter->type != V_ASN1_NULL)
  ++                    {
  ++                    RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
  ++                    goto err;
  ++                    }
  ++
  +             sigtype=OBJ_obj2nid(sig->algor->algorithm);
  + 
  + 
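Review bot: The new bound in the rsa_eay.c hunk, `if(r > 42 && 3*8*r >= BN_num_bits(rsa->n))`, hinges on an unexplained constant: the comment justifies the 2/3-padding rule but not why 42 bytes is the cut-off below which the rule is skipped, so a maintainer cannot tell which short keys or standard schemes the exemption is meant to cover. Extend the comment with something like `/* r <= 42 is exempt: presumably the largest unpadded DigestInfo this build must accept -- confirm against the schemes named in the advisory */`. Note also that the error is raised with RSA_F_RSA_EAY_PUBLIC_DECRYPT, which suggests the check sits in the generic public-decrypt path rather than only in signature verification, so any caller that public-decrypts a PKCS#1 type-1 block whose payload exceeds a third of the modulus size will now fail; that behaviour change deserves a line in the patch header next to the advisory URLs. Each of the patched functions starts and ends outside the hunk, and the mail has wrapped two lines (the RSAerr call and the "rsa operations not supported" table entry), so the patch should be taken from the repository rather than copied from this message.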
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/openssl/openssl.spec
  ============================================================================
  $ cvs diff -u -r1.70.2.2 -r1.70.2.3 openssl.spec
  --- openpkg-src/openssl/openssl.spec  25 Feb 2006 17:13:46 -0000      1.70.2.2
  +++ openpkg-src/openssl/openssl.spec  6 Sep 2006 07:20:48 -0000       1.70.2.3
  @@ -33,7 +33,7 @@
   Group:        Cryptography
   License:      BSD-style
   Version:      0.9.8a
  -Release:      2.5.1
  +Release:      2.5.2
   
   #   package options
   %option       with_zlib     no
  @@ .