commit openssl for openSUSE:12.1:Update:Test

2012-03-27 Thread h_root
Hello community,

here is the log from the commit of package openssl for 
openSUSE:12.1:Update:Test checked in at 2012-03-27 15:04:44

Comparing /work/SRC/openSUSE:12.1:Update:Test/openssl (Old)
 and  /work/SRC/openSUSE:12.1:Update:Test/.openssl.new (New)


Package is "openssl", Maintainer is "g...@suse.com"

Changes:

--- /work/SRC/openSUSE:12.1:Update:Test/openssl/openssl.changes 2012-02-28 
13:48:46.0 +0100
+++ /work/SRC/openSUSE:12.1:Update:Test/.openssl.new/openssl.changes
2012-03-27 15:04:46.0 +0200
@@ -1,0 +2,12 @@
+Thu Mar 22 04:50:08 UTC 2012 - g...@suse.com
+
+- fix Bug[bnc#751946] - S/MIME verification may erroneously fail
+  CVE-2012-1165
+
+---
+Wed Mar 21 02:52:31 UTC 2012 - g...@suse.com
+
+- fix bug[bnc#749213]-Free headers after use in error message
+  and bug[bnc#749210]-Symmetric crypto errors in PKCS7_decrypt
+
+---
@@ -5,0 +18 @@
+  CVE-2006-7250

New:

  CVE-2012-1165.patch
  bug749210-Symmetric-crypto-errors-in-PKCS7_decrypt.patch
  bug749213-Free-headers-after-use.patch



Other differences:
--
++ openssl.spec ++
--- /var/tmp/diff_new_pack.DFYiYX/_old  2012-03-27 15:04:46.0 +0200
+++ /var/tmp/diff_new_pack.DFYiYX/_new  2012-03-27 15:04:46.0 +0200
@@ -57,6 +57,9 @@
 Patch25:CVE-2012-0027.patch
 Patch26:CVE-2012-0050.patch
 Patch27:Bug748738_Tolerate_bad_MIME_headers.patch
+Patch28:bug749213-Free-headers-after-use.patch
+Patch29:bug749210-Symmetric-crypto-errors-in-PKCS7_decrypt.patch
+Patch30:CVE-2012-1165.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -201,6 +204,9 @@
 %patch25 -p1
 %patch26 -p1
 %patch27 -p1
+%patch28 -p1
+%patch29 -p1
+%patch30 -p1
 cp -p %{S:10} .
 echo "adding/overwriting some entries in the 'table' hash in Configure"
 # 
$dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags

++ CVE-2012-1165.patch ++
Index: openssl-1.0.0g/crypto/asn1/asn_mime.c
===
--- openssl-1.0.0g.orig/crypto/asn1/asn_mime.c
+++ openssl-1.0.0g/crypto/asn1/asn_mime.c
@@ -858,9 +858,8 @@ static int mime_hdr_addparam(MIME_HEADER
 static int mime_hdr_cmp(const MIME_HEADER * const *a,
const MIME_HEADER * const *b)
 {
-   if ((*a)->name == NULL || (*b)->name == NULL)
-   return (*a)->name - (*b)->name < 0 ? -1 :
-   (*a)->name - (*b)->name > 0 ? 1 : 0;
+   if (!(*a)->name || !(*b)->name)
+   return !!(*a)->name - !!(*b)->name;
 
return(strcmp((*a)->name, (*b)->name));
 }
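Review bot: The new guard in mime_hdr_cmp introduces an ordering for NULL names that is not documented: two NULL names compare equal, and a NULL name sorts before any non-NULL one. A comment above the `if` would record this for whoever relies on the sort or lookup result, e.g. `/* NULL names compare equal and sort before any non-NULL name */`. The next hunk adds the same two lines to mime_param_cmp for `param_name` and deserves the same comment. Since the logic is now duplicated, a small static helper taking two `const char *` arguments would keep the two comparators from drifting apart.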
@@ -868,6 +867,8 @@ static int mime_hdr_cmp(const MIME_HEADE
 static int mime_param_cmp(const MIME_PARAM * const *a,
const MIME_PARAM * const *b)
 {
+   if (!(*a)->param_name || !(*b)->param_name)
+   return !!(*a)->param_name - !!(*b)->param_name;
return(strcmp((*a)->param_name, (*b)->param_name));
 }
 
++ bug749210-Symmetric-crypto-errors-in-PKCS7_decrypt.patch ++
Index: openssl-1.0.0g/crypto/pkcs7/pk7_smime.c
===
--- openssl-1.0.0g.orig/crypto/pkcs7/pk7_smime.c
+++ openssl-1.0.0g/crypto/pkcs7/pk7_smime.c
@@ -573,15 +573,30 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *p
return 0;
}
ret = SMIME_text(bread, data);
+   if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
+   {
+   if (!BIO_get_cipher_status(tmpmem))
+   ret = 0;
+   }
BIO_free_all(bread);
return ret;
} else {
for(;;) {
i = BIO_read(tmpmem, buf, sizeof(buf));
-   if(i <= 0) break;
+   if(i <= 0)
+   {
+   ret = 1;
+   if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
+   {
+   if (!BIO_get_cipher_status(tmpmem))
+   ret = 0;
+   }
+
+   break;
+   }
BIO_write(data, buf, i);
}
BIO_free_all(tmpmem);
-   return 1;
+   return ret;
}
 }
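Review bot: `BIO_write(data, buf, i)` in the read loop is still unchecked, so a short or failed write to the output BIO leaves `ret` at 1 and PKCS7_decrypt reports success on truncated output. Something like `if (BIO_write(data, buf, i) != i) { ret = 0; break; }` would close that gap. Separately, the cipher status is consulted only after the final read, so every earlier block has already been written to `data` by the time 0 is returned. A comment should say so, e.g. `/* on a 0 return, data may already hold partial output and must be discarded by the caller */`. The start of PKCS7_decrypt lies outside this hunk, so the initial value of `ret` and how `tmpmem` is built are not visible here.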
++ bug749213-Free-headers-after-use.patch ++
Index: openssl-1.0.0g/crypto/asn1/asn_mime.c

commit openssl for openSUSE:12.1:Update:Test

2012-02-28 Thread h_root
Hello community,

here is the log from the commit of package openssl for 
openSUSE:12.1:Update:Test checked in at 2012-02-28 13:48:44

Comparing /work/SRC/openSUSE:12.1:Update:Test/openssl (Old)
 and  /work/SRC/openSUSE:12.1:Update:Test/.openssl.new (New)


Package is "openssl", Maintainer is "g...@suse.com"

Changes:

--- /work/SRC/openSUSE:12.1:Update:Test/openssl/openssl.changes 2012-02-02 
10:37:36.0 +0100
+++ /work/SRC/openSUSE:12.1:Update:Test/.openssl.new/openssl.changes
2012-02-28 13:48:46.0 +0100
@@ -1,0 +2,6 @@
+Fri Feb 24 02:47:47 UTC 2012 - g...@suse.com
+
+- fix bug[bnc#748738] - Tolerate bad MIME headers in openssl's 
+  asn1 parser.
+
+---

New:

  Bug748738_Tolerate_bad_MIME_headers.patch



Other differences:
--
++ openssl.spec ++
--- /var/tmp/diff_new_pack.WC9W6I/_old  2012-02-28 13:48:46.0 +0100
+++ /var/tmp/diff_new_pack.WC9W6I/_new  2012-02-28 13:48:46.0 +0100
@@ -56,6 +56,7 @@
 Patch24:CVE-2011-4619.patch
 Patch25:CVE-2012-0027.patch
 Patch26:CVE-2012-0050.patch
+Patch27:Bug748738_Tolerate_bad_MIME_headers.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -199,6 +200,7 @@
 %patch24 -p1
 %patch25 -p1
 %patch26 -p1
+%patch27 -p1
 cp -p %{S:10} .
 echo "adding/overwriting some entries in the 'table' hash in Configure"
 # 
$dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags

++ Bug748738_Tolerate_bad_MIME_headers.patch ++
Index: openssl-1.0.0g/crypto/asn1/asn_mime.c
===
--- openssl-1.0.0g.orig/crypto/asn1/asn_mime.c
+++ openssl-1.0.0g/crypto/asn1/asn_mime.c
@@ -858,6 +858,10 @@ static int mime_hdr_addparam(MIME_HEADER
 static int mime_hdr_cmp(const MIME_HEADER * const *a,
const MIME_HEADER * const *b)
 {
+   if ((*a)->name == NULL || (*b)->name == NULL)
+   return (*a)->name - (*b)->name < 0 ? -1 :
+   (*a)->name - (*b)->name > 0 ? 1 : 0;
+
return(strcmp((*a)->name, (*b)->name));
 }
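Review bot: The added guard computes `(*a)->name - (*b)->name` when at least one side is NULL, and subtracting pointers that do not point into the same array is undefined behaviour in C, so the sign of the result cannot be relied on. Comparing the "is non-NULL" flags gives the same ordering without pointer arithmetic: `return !!(*a)->name - !!(*b)->name;`. The sibling comparator mime_param_cmp is not touched by this hunk; judging from the later patch context on this page, it passes `param_name` straight to `strcmp`, so it probably needs the same NULL guard.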
 



commit openssl for openSUSE:12.1:Update:Test

2012-02-02 Thread h_root
Hello community,

here is the log from the commit of package openssl for 
openSUSE:12.1:Update:Test checked in at 2012-02-02 10:37:34

Comparing /work/SRC/openSUSE:12.1:Update:Test/openssl (Old)
 and  /work/SRC/openSUSE:12.1:Update:Test/.openssl.new (New)


Package is "openssl", Maintainer is "g...@suse.com"

Changes:

--- /work/SRC/openSUSE:12.1:Update:Test/openssl/openssl.changes 2012-01-11 
18:27:42.0 +0100
+++ /work/SRC/openSUSE:12.1:Update:Test/.openssl.new/openssl.changes
2012-02-02 10:37:36.0 +0100
@@ -1,0 +2,6 @@
+Thu Feb  2 07:14:05 UTC 2012 - g...@suse.com
+
+- fix security bug [bnc#742821] - DTLS DoS Attack
+  CVE-2012-0050
+
+---

New:

  CVE-2012-0050.patch



Other differences:
--
++ openssl.spec ++
--- /var/tmp/diff_new_pack.VtZd7Y/_old  2012-02-02 10:37:36.0 +0100
+++ /var/tmp/diff_new_pack.VtZd7Y/_new  2012-02-02 10:37:36.0 +0100
@@ -31,7 +31,6 @@
 Obsoletes:  openssl-64bit
 %endif
 #
-#Version:1.0.0
 Version:1.0.0e
 Release:1
 Summary:Secure Sockets and Transport Layer Security
@@ -56,6 +55,7 @@
 Patch23:CVE-2011-4577.patch
 Patch24:CVE-2011-4619.patch
 Patch25:CVE-2012-0027.patch
+Patch26:CVE-2012-0050.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -198,6 +198,7 @@
 %patch23 -p1
 %patch24 -p1
 %patch25 -p1
+%patch26 -p1
 cp -p %{S:10} .
 echo "adding/overwriting some entries in the 'table' hash in Configure"
 # 
$dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags

++ CVE-2012-0050.patch ++
Index: openssl-1.0.0e/ssl/d1_pkt.c
===
--- openssl-1.0.0e.orig/ssl/d1_pkt.c
+++ openssl-1.0.0e/ssl/d1_pkt.c
@@ -376,6 +376,7 @@ dtls1_process_record(SSL *s)
unsigned int mac_size;
unsigned char md[EVP_MAX_MD_SIZE];
int decryption_failed_or_bad_record_mac = 0;
+   unsigned char *mac = NULL;
 
 
rr= &(s->s3->rrec);
@@ -447,19 +448,15 @@ printf("\n");
 #endif 
}
/* check the MAC for rr->input (it's in mac_size bytes at the 
tail) */
-   if (rr->length < mac_size)
+   if (rr->length >= mac_size)
{
-#if 0 /* OK only for stream ciphers */
-   al=SSL_AD_DECODE_ERROR;
-   
SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
-   goto f_err;
-#else
-   decryption_failed_or_bad_record_mac = 1;
-#endif
+   rr->length -= mac_size;
+   mac = &rr->data[rr->length];
}
-   rr->length-=mac_size;
+   else
+   rr->length = 0;
i=s->method->ssl3_enc->mac(s,md,0);
-   if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+   if (i < 0 || mac == NULL || memcmp(md, mac, mac_size) != 0)
{
decryption_failed_or_bad_record_mac = 1;
}
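Review bot: The MAC check on the last changed line still uses `memcmp(md, mac, mac_size)`, which may return at the first differing byte, so the time taken can depend on how many leading MAC bytes matched. A comparison that ORs the byte differences across all `mac_size` bytes and tests the accumulated value once would remove that dependency. The `else rr->length = 0;` branch also deserves a comment, since the intent is easy to miss, e.g. `/* record shorter than the MAC: still run mac() and fail via mac == NULL */`. dtls1_process_record begins and ends outside this hunk, so how `decryption_failed_or_bad_record_mac` is acted on afterwards is not visible here.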