commit openssl for openSUSE:12.1:Update:Test
Hello community, here is the log from the commit of package openssl for openSUSE:12.1:Update:Test checked in at 2012-03-27 15:04:44 Comparing /work/SRC/openSUSE:12.1:Update:Test/openssl (Old) and /work/SRC/openSUSE:12.1:Update:Test/.openssl.new (New) Package is "openssl", Maintainer is "g...@suse.com" Changes:
--- /work/SRC/openSUSE:12.1:Update:Test/openssl/openssl.changes 2012-02-28 13:48:46.0 +0100
+++ /work/SRC/openSUSE:12.1:Update:Test/.openssl.new/openssl.changes 2012-03-27 15:04:46.0 +0200
@@ -1,0 +2,12 @@
+Thu Mar 22 04:50:08 UTC 2012 - g...@suse.com
+
+- fix Bug[bnc#751946] - S/MIME verification may erroneously fail
+ CVE-2012-1165
+
+---
+Wed Mar 21 02:52:31 UTC 2012 - g...@suse.com
+
+- fix bug[bnc#749213]-Free headers after use in error message
+ and bug[bnc#749210]-Symmetric crypto errors in PKCS7_decrypt
+
+---
@@ -5,0 +18 @@
+ CVE-2006-7250
New: CVE-2012-1165.patch bug749210-Symmetric-crypto-errors-in-PKCS7_decrypt.patch bug749213-Free-headers-after-use.patch Other differences: --
++ openssl.spec ++
--- /var/tmp/diff_new_pack.DFYiYX/_old 2012-03-27 15:04:46.0 +0200
+++ /var/tmp/diff_new_pack.DFYiYX/_new 2012-03-27 15:04:46.0 +0200
@@ -57,6 +57,9 @@
 Patch25:CVE-2012-0027.patch
 Patch26:CVE-2012-0050.patch
 Patch27:Bug748738_Tolerate_bad_MIME_headers.patch
+Patch28:bug749213-Free-headers-after-use.patch
+Patch29:bug749210-Symmetric-crypto-errors-in-PKCS7_decrypt.patch
+Patch30:CVE-2012-1165.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %description
@@ -201,6 +204,9 @@
 %patch25 -p1
 %patch26 -p1
 %patch27 -p1
+%patch28 -p1
+%patch29 -p1
+%patch30 -p1
 cp -p %{S:10} .
 echo "adding/overwriting some entries in the 'table' hash in Configure"
 # $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
++ CVE-2012-1165.patch ++
Index: openssl-1.0.0g/crypto/asn1/asn_mime.c
===
--- openssl-1.0.0g.orig/crypto/asn1/asn_mime.c
+++ openssl-1.0.0g/crypto/asn1/asn_mime.c
@@ -858,9 +858,8 @@ static int mime_hdr_addparam(MIME_HEADER
 static int mime_hdr_cmp(const MIME_HEADER * const *a, const MIME_HEADER * const *b)
 {
- if ((*a)->name == NULL || (*b)->name == NULL)
- return (*a)->name - (*b)->name < 0 ? -1 :
- (*a)->name - (*b)->name > 0 ? 1 : 0;
+ if (!(*a)->name || !(*b)->name)
+ return !!(*a)->name - !!(*b)->name;
 return(strcmp((*a)->name, (*b)->name));
 }
@@ -868,6 +867,8 @@ static int mime_hdr_cmp(const MIME_HEADE
 static int mime_param_cmp(const MIME_PARAM * const *a, const MIME_PARAM * const *b)
 {
+ if (!(*a)->param_name || !(*b)->param_name)
+ return !!(*a)->param_name - !!(*b)->param_name;
 return(strcmp((*a)->param_name, (*b)->param_name));
 }
++ bug749210-Symmetric-crypto-errors-in-PKCS7_decrypt.patch ++
Index: openssl-1.0.0g/crypto/pkcs7/pk7_smime.c
===
--- openssl-1.0.0g.orig/crypto/pkcs7/pk7_smime.c
+++ openssl-1.0.0g/crypto/pkcs7/pk7_smime.c
@@ -573,15 +573,30 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *p
 return 0;
 }
 ret = SMIME_text(bread, data);
+ if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
+ {
+ if (!BIO_get_cipher_status(tmpmem))
+ ret = 0;
+ }
 BIO_free_all(bread);
 return ret;
 } else {
 for(;;) {
 i = BIO_read(tmpmem, buf, sizeof(buf));
- if(i <= 0) break;
+ if(i <= 0)
+ {
+ ret = 1;
+ if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
+ {
+ if (!BIO_get_cipher_status(tmpmem))
+ ret = 0;
+ }
+
+ break;
+ }
 BIO_write(data, buf, i);
 }
 BIO_free_all(tmpmem);
- return 1;
+ return ret;
 }
 }
++ bug749213-Free-headers-after-use.patch ++
Index: openssl-1.0.0g/crypto/asn1/asn_mime.c
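Review bot: Neither comparator says how entries without a name are ordered, which is now part of their contract: in `mime_hdr_cmp` here, and in `mime_param_cmp` in the following hunk, an entry with a NULL name sorts before any named entry and two such entries compare equal. I would add above each `if` a comment like `/* NULL names sort first and compare equal to each other; never pass NULL to strcmp() */`. The result on this path is limited to -1, 0 and 1 while the strcmp() path can return any integer, which is fine for a sort or lookup callback but worth stating if any caller (outside these hunks) tests for exactly 1 or -1.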
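Review bot: The copy loop in the else branch still ignores the result of `BIO_write(data, buf, i)`, so a failed or short write to the output BIO ends with `ret = 1` and the caller is told that a truncated plaintext decrypted successfully. Check it inside the loop: `if (BIO_write(data, buf, i) != i) { ret = 0; break; }`. Note also that in both branches the cipher status is only inspected after output has been written to `data` (`SMIME_text(bread, data)` runs before the check, and earlier loop iterations have already written), so a 0 return leaves partial, unverified plaintext in the caller's BIO; the function's documentation should tell callers to discard it. PKCS7_decrypt starts outside the hunk.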
commit openssl for openSUSE:12.1:Update:Test
Hello community, here is the log from the commit of package openssl for openSUSE:12.1:Update:Test checked in at 2012-02-28 13:48:44 Comparing /work/SRC/openSUSE:12.1:Update:Test/openssl (Old) and /work/SRC/openSUSE:12.1:Update:Test/.openssl.new (New) Package is "openssl", Maintainer is "g...@suse.com" Changes:
--- /work/SRC/openSUSE:12.1:Update:Test/openssl/openssl.changes 2012-02-02 10:37:36.0 +0100
+++ /work/SRC/openSUSE:12.1:Update:Test/.openssl.new/openssl.changes 2012-02-28 13:48:46.0 +0100
@@ -1,0 +2,6 @@
+Fri Feb 24 02:47:47 UTC 2012 - g...@suse.com
+
+- fix bug[bnc#748738] - Tolerate bad MIME headers in openssl's
+ asn1 parser.
+
+---
New: Bug748738_Tolerate_bad_MIME_headers.patch Other differences: --
++ openssl.spec ++
--- /var/tmp/diff_new_pack.WC9W6I/_old 2012-02-28 13:48:46.0 +0100
+++ /var/tmp/diff_new_pack.WC9W6I/_new 2012-02-28 13:48:46.0 +0100
@@ -56,6 +56,7 @@
 Patch24:CVE-2011-4619.patch
 Patch25:CVE-2012-0027.patch
 Patch26:CVE-2012-0050.patch
+Patch27:Bug748738_Tolerate_bad_MIME_headers.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %description
@@ -199,6 +200,7 @@
 %patch24 -p1
 %patch25 -p1
 %patch26 -p1
+%patch27 -p1
 cp -p %{S:10} .
 echo "adding/overwriting some entries in the 'table' hash in Configure"
 # $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
++ Bug748738_Tolerate_bad_MIME_headers.patch ++
Index: openssl-1.0.0g/crypto/asn1/asn_mime.c
===
--- openssl-1.0.0g.orig/crypto/asn1/asn_mime.c
+++ openssl-1.0.0g/crypto/asn1/asn_mime.c
@@ -858,6 +858,10 @@ static int mime_hdr_addparam(MIME_HEADER
 static int mime_hdr_cmp(const MIME_HEADER * const *a, const MIME_HEADER * const *b)
 {
+ if ((*a)->name == NULL || (*b)->name == NULL)
+ return (*a)->name - (*b)->name < 0 ? -1 :
+ (*a)->name - (*b)->name > 0 ? 1 : 0;
+
 return(strcmp((*a)->name, (*b)->name));
 }
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
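Review bot: The NULL branch added to `mime_hdr_cmp` orders entries by subtracting two pointers of which at least one is NULL; pointer subtraction is only defined for pointers into the same array object, so this is undefined behaviour and the sign of the result is not a dependable ordering. Compare presence instead of addresses: `return !!(*a)->name - !!(*b)->name;`. `mime_param_cmp` is outside this hunk; if it still passes `param_name` to strcmp() without a NULL check, a malformed header can reach the same NULL dereference there and it needs the same guard.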
commit openssl for openSUSE:12.1:Update:Test
Hello community, here is the log from the commit of package openssl for openSUSE:12.1:Update:Test checked in at 2012-02-02 10:37:34 Comparing /work/SRC/openSUSE:12.1:Update:Test/openssl (Old) and /work/SRC/openSUSE:12.1:Update:Test/.openssl.new (New) Package is "openssl", Maintainer is "g...@suse.com" Changes:
--- /work/SRC/openSUSE:12.1:Update:Test/openssl/openssl.changes 2012-01-11 18:27:42.0 +0100
+++ /work/SRC/openSUSE:12.1:Update:Test/.openssl.new/openssl.changes 2012-02-02 10:37:36.0 +0100
@@ -1,0 +2,6 @@
+Thu Feb 2 07:14:05 UTC 2012 - g...@suse.com
+
+- fix security bug [bnc#742821] - DTLS DoS Attack
+ CVE-2012-0050
+
+---
New: CVE-2012-0050.patch Other differences: --
++ openssl.spec ++
--- /var/tmp/diff_new_pack.VtZd7Y/_old 2012-02-02 10:37:36.0 +0100
+++ /var/tmp/diff_new_pack.VtZd7Y/_new 2012-02-02 10:37:36.0 +0100
@@ -31,7 +31,6 @@
 Obsoletes: openssl-64bit
 %endif
 #
-#Version:1.0.0
 Version:1.0.0e
 Release:1
 Summary:Secure Sockets and Transport Layer Security
@@ -56,6 +55,7 @@
 Patch23:CVE-2011-4577.patch
 Patch24:CVE-2011-4619.patch
 Patch25:CVE-2012-0027.patch
+Patch26:CVE-2012-0050.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %description
@@ -198,6 +198,7 @@
 %patch23 -p1
 %patch24 -p1
 %patch25 -p1
+%patch26 -p1
 cp -p %{S:10} .
 echo "adding/overwriting some entries in the 'table' hash in Configure"
 # $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
++ CVE-2012-0050.patch ++
Index: openssl-1.0.0e/ssl/d1_pkt.c
===
--- openssl-1.0.0e.orig/ssl/d1_pkt.c
+++ openssl-1.0.0e/ssl/d1_pkt.c
@@ -376,6 +376,7 @@ dtls1_process_record(SSL *s)
 unsigned int mac_size;
 unsigned char md[EVP_MAX_MD_SIZE];
 int decryption_failed_or_bad_record_mac = 0;
+ unsigned char *mac = NULL;
 rr= &(s->s3->rrec);
@@ -447,19 +448,15 @@ printf("\n");
 #endif
 }
 /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
- if (rr->length < mac_size)
+ if (rr->length >= mac_size)
 {
-#if 0 /* OK only for stream ciphers */
- al=SSL_AD_DECODE_ERROR;
- SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
- goto f_err;
-#else
- decryption_failed_or_bad_record_mac = 1;
-#endif
+ rr->length -= mac_size;
+ mac = &rr->data[rr->length];
 }
- rr->length-=mac_size;
+ else
+ rr->length = 0;
 i=s->method->ssl3_enc->mac(s,md,0);
- if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+ if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0)
 {
 decryption_failed_or_bad_record_mac = 1;
 }
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
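Review bot: The MAC check at the end of this hunk still compares with `memcmp(md, mac, mac_size)`, which may return at the first differing byte, so the time taken can depend on how many leading bytes of a forged MAC are correct. A constant-time comparison would be the safer choice here if this tree provides one; none is visible in the hunk. Separately, the new `else rr->length = 0;` branch deserves a comment, for example `/* record shorter than the MAC: still compute the MAC over an empty record, then fail below because mac == NULL */`, so a later reader does not "simplify" it back into an early exit or an unsigned underflow of `rr->length`. dtls1_process_record starts and ends outside the hunk.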