Git-Url:
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=383aabd1ca28d9e080eaf41589da83fd9c801249
commit 383aabd1ca28d9e080eaf41589da83fd9c801249
Author: kikadf kikadf...@gmail.com
Date: Sun Jan 12 10:17:44 2014 +0100
openssl-1.0.1-5-x86_64
* Fix CVE-2013-4353
* Fix CVE-2013-6449
* Fix CVE-2013-6450
diff --git a/source/base/openssl/CVE-2013-4353.patch
b/source/base/openssl/CVE-2013-4353.patch
new file mode 100644
index 000..139b68f
--- /dev/null
+++ b/source/base/openssl/CVE-2013-4353.patch
@@ -0,0 +1,25 @@
+From: Dr. Stephen Henson st...@openssl.org
+Date: Mon, 6 Jan 2014 14:35:04 +
+Subject: [PATCH] Fix for TLS record tampering bug CVE-2013-4353
+Origin: upstream, commit:197e0ea817ad64820789d86711d55ff50d71f631
+
+diff --git a/ssl/s3_both.c b/ssl/s3_both.c
+index 1e5dcab..53b9390 100644
+--- a/ssl/s3_both.c
b/ssl/s3_both.c
+@@ -210,7 +210,11 @@ static void ssl3_take_mac(SSL *s)
+ {
+ const char *sender;
+ int slen;
+-
++ /* If no new cipher setup return immediately: other functions will
++ * set the appropriate error.
++ */
++ if (s-s3-tmp.new_cipher == NULL)
++ return;
+ if (s-state SSL_ST_CONNECT)
+ {
+ sender=s-method-ssl3_enc-server_finished_label;
+--
+1.8.5.2
+
diff --git a/source/base/openssl/CVE-2013-6449.patch
b/source/base/openssl/CVE-2013-6449.patch
new file mode 100644
index 000..eba717a
--- /dev/null
+++ b/source/base/openssl/CVE-2013-6449.patch
@@ -0,0 +1,83 @@
+Author: Dr. Stephen Henson st...@openssl.org
+Date: Thu Dec 19 14:37:39 2013 +
+Subject: Fix CVE-2013-6449
+
+This is a combination of upstream commits:
+0294b2be5f4c11e60620c0018674ff0e17b14238
+ca989269a2876bae79393bd54c3e72d49975fc75
+
+diff --git a/ssl/s3_both.c b/ssl/s3_both.c
+index ead01c8..1e5dcab 100644
+--- a/ssl/s3_both.c
b/ssl/s3_both.c
+@@ -161,6 +161,8 @@ int ssl3_send_finished(SSL *s, int a, int b, const char
*sender, int slen)
+
+ i=s-method-ssl3_enc-final_finish_mac(s,
+ sender,slen,s-s3-tmp.finish_md);
++ if (i == 0)
++ return 0;
+ s-s3-tmp.finish_md_len = i;
+ memcpy(p, s-s3-tmp.finish_md, i);
+ p+=i;
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index 804291e..c4bc4e7 100644
+--- a/ssl/s3_pkt.c
b/ssl/s3_pkt.c
+@@ -1459,8 +1459,14 @@ int ssl3_do_change_cipher_spec(SSL *s)
+ slen=s-method-ssl3_enc-client_finished_label_len;
+ }
+
+- s-s3-tmp.peer_finish_md_len = s-method-ssl3_enc-final_finish_mac(s,
++ i = s-method-ssl3_enc-final_finish_mac(s,
+ sender,slen,s-s3-tmp.peer_finish_md);
++ if (i == 0)
++ {
++ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
++ return 0;
++ }
++ s-s3-tmp.peer_finish_md_len = i;
+
+ return(1);
+ }
+diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
+index 809ad2e..72015f5 100644
+--- a/ssl/t1_enc.c
b/ssl/t1_enc.c
+@@ -915,18 +915,19 @@ int tls1_final_finish_mac(SSL *s,
+ if (mask ssl_get_algorithm2(s))
+ {
+ int hashsize = EVP_MD_size(md);
+- if (hashsize 0 || hashsize (int)(sizeof buf -
(size_t)(q-buf)))
++ EVP_MD_CTX *hdgst = s-s3-handshake_dgst[idx];
++ if (!hdgst || hashsize 0 || hashsize (int)(sizeof
buf - (size_t)(q-buf)))
+ {
+ /* internal error: 'buf' is too small for this
cipersuite! */
+ err = 1;
+ }
+ else
+ {
+-
EVP_MD_CTX_copy_ex(ctx,s-s3-handshake_dgst[idx]);
+- EVP_DigestFinal_ex(ctx,q,i);
+- if (i != (unsigned int)hashsize) /* can't
really happen */
++ if (!EVP_MD_CTX_copy_ex(ctx, hdgst) ||
++ !EVP_DigestFinal_ex(ctx,q,i) ||
++ (i != (unsigned int)hashsize))
+ err = 1;
+- q+=i;
++ q+=hashsize;
+ }
+ }
+ }
+diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
+index bf832bb..c4ef273 100644
+--- a/ssl/s3_lib.c
b/ssl/s3_lib.c
+@@ -4286,7 +4286,7 @@ need to go to SSL_ST_ACCEPT.
+ long ssl_get_algorithm2(SSL *s)
+ {
+ long alg2 = s-s3-tmp.new_cipher-algorithm2;
+- if (TLS1_get_version(s) = TLS1_2_VERSION
++ if (s-method-version == TLS1_2_VERSION
+ alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
+ return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+ return alg2;
diff --git