OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Thomas Lotterer
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 18-Mar-2004 10:58:30
Branch: OPENPKG_1_3_SOLID Handle: 2004031809582901
Modified files: (Branch: OPENPKG_1_3_SOLID)
openpkg-src/openssl openssl.patch openssl.spec
Log:
SA-2004.007-openssl; CAN-2004-0079, CAN-2004-0112
Summary:
Revision Changes Path
1.7.2.3.2.3 +76 -0 openpkg-src/openssl/openssl.patch
1.37.2.5.2.4+1 -1 openpkg-src/openssl/openssl.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/openssl/openssl.patch
============================================================================
$ cvs diff -u -r1.7.2.3.2.2 -r1.7.2.3.2.3 openssl.patch
--- openpkg-src/openssl/openssl.patch 30 Sep 2003 12:45:42 -0000 1.7.2.3.2.2
+++ openpkg-src/openssl/openssl.patch 18 Mar 2004 09:58:29 -0000 1.7.2.3.2.3
@@ -75,3 +75,79 @@
/* XXX For the final trusted self-signed cert,
* this is a waste of time. That check should
* optional so that e.g. 'openssl x509' can be
+
+-----------------------------------------------------------------------------
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079
+ The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k,
+ and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial
+ of service (crash) via a crafted SSL/TLS handshake that causes a
+ null-pointer assignment.
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112
+ The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c,
+ when using Kerberos ciphersuites, allows remote attackers to cause
+ a denial of service (crash) via a crafted SSL/TLS handshake, which
+ causes an out-of-bounds read.
+
+http://cvs.openssl.org/chngview?cn=12033
+
+Index: ssl/s3_pkt.c
+===================================================================
+RCS file: /e/openssl/cvs/openssl/ssl/s3_pkt.c,v
+retrieving revision 1.46.2.5
+diff -u -p -u -r1.46.2.5 s3_pkt.c
+--- ssl/s3_pkt.c 19 Feb 2003 12:04:16 -0000 1.46.2.5
++++ ssl/s3_pkt.c 16 Mar 2004 14:09:14 -0000
+@@ -1085,6 +1085,14 @@ start:
+ goto err;
+ }
+
++ /* Check we have a cipher to change to */
++ if (s->s3->tmp.new_cipher == NULL)
++ {
++ i=SSL_AD_UNEXPECTED_MESSAGE;
++ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
++ goto err;
++ }
++
+ rr->length=0;
+
+ if (s->msg_callback)
+
+Index: ssl/s3_srvr.c
+===================================================================
+RCS file: /e/openssl/cvs/openssl/ssl/s3_srvr.c,v
+retrieving revision 1.85.2.19
+diff -u -p -u -r1.85.2.19 s3_srvr.c
+--- ssl/s3_srvr.c 27 Dec 2003 16:09:58 -0000 1.85.2.19
++++ ssl/s3_srvr.c 16 Mar 2004 14:09:15 -0000
+@@ -1588,11 +1588,27 @@ static int ssl3_get_client_key_exchange(
+
+ n2s(p,i);
+ enc_ticket.length = i;
++
++ if (n < enc_ticket.length + 6)
++ {
++ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
++ SSL_R_DATA_LENGTH_TOO_LONG);
++ goto err;
++ }
++
+ enc_ticket.data = (char *)p;
+ p+=enc_ticket.length;
+
+ n2s(p,i);
+ authenticator.length = i;
++
++ if (n < enc_ticket.length + authenticator.length + 6)
++ {
++ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
++ SSL_R_DATA_LENGTH_TOO_LONG);
++ goto err;
++ }
++
+ authenticator.data = (char *)p;
+ p+=authenticator.length;
+
+
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openssl/openssl.spec
============================================================================
$ cvs diff -u -r1.37.2.5.2.3 -r1.37.2.5.2.4 openssl.spec
--- openpkg-src/openssl/openssl.spec 30 Sep 2003 12:45:42 -0000 1.37.2.5.2.3
+++ openpkg-src/openssl/openssl.spec 18 Mar 2004 09:58:30 -0000 1.37.2.5.2.4
@@ -33,7 +33,7 @@
Group: Cryptography
License: BSD-style
Version: 0.9.7b
-Release: 1.3.2
+Release: 1.3.3
# package options
%option with_zlib no
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]
