OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Thomas Lotterer
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   18-Mar-2004 10:21:34
  Branch: OPENPKG_2_0_SOLID                Handle: 2004031809213400

  Modified files:           (Branch: OPENPKG_2_0_SOLID)
    openpkg-src/openssl     openssl.patch openssl.spec

  Log:
    SA-2004.007-openssl; CAN-2004-0079, CAN-2004-0112

  Summary:
    Revision    Changes     Path
    1.13.2.1    +74 -0      openpkg-src/openssl/openssl.patch
    1.51.2.2    +1  -1      openpkg-src/openssl/openssl.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/openssl/openssl.patch
  ============================================================================
  $ cvs diff -u -r1.13 -r1.13.2.1 openssl.patch
  --- openpkg-src/openssl/openssl.patch 1 Oct 2003 20:12:19 -0000       1.13
  +++ openpkg-src/openssl/openssl.patch 18 Mar 2004 09:21:34 -0000      1.13.2.1
  @@ -70,3 +70,77 @@
    
    install_docs:
        @$(PERL) $(TOP)/util/mkdir-p.pl \
  +
  +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0079
  +    The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k,
  +    and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial
  +    of service (crash) via a crafted SSL/TLS handshake that causes a
  +    null-pointer assignment.
  +
  +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0112 
  +    The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c,
  +    when using Kerberos ciphersuites, allows remote attackers to cause
  +    a denial of service (crash) via a crafted SSL/TLS handshake, which
  +    causes an out-of-bounds read.
  +
  +http://cvs.openssl.org/chngview?cn=12033
  +
  +Index: ssl/s3_pkt.c
  +===================================================================
  +RCS file: /e/openssl/cvs/openssl/ssl/s3_pkt.c,v
  +retrieving revision 1.46.2.5
  +diff -u -p -u -r1.46.2.5 s3_pkt.c
  +--- ssl/s3_pkt.c     19 Feb 2003 12:04:16 -0000      1.46.2.5
  ++++ ssl/s3_pkt.c     16 Mar 2004 14:09:14 -0000
  +@@ -1085,6 +1085,14 @@ start:
  +                     goto err;
  +                     }
  + 
  ++            /* Check we have a cipher to change to */
  ++            if (s->s3->tmp.new_cipher == NULL)
  ++                    {
  ++                    i=SSL_AD_UNEXPECTED_MESSAGE;
  ++                    SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
  ++                    goto err;
  ++                    }
  ++
  +             rr->length=0;
  + 
  +             if (s->msg_callback)
  +
  +Index: ssl/s3_srvr.c
  +===================================================================
  +RCS file: /e/openssl/cvs/openssl/ssl/s3_srvr.c,v
  +retrieving revision 1.85.2.19
  +diff -u -p -u -r1.85.2.19 s3_srvr.c
  +--- ssl/s3_srvr.c    27 Dec 2003 16:09:58 -0000      1.85.2.19
  ++++ ssl/s3_srvr.c    16 Mar 2004 14:09:15 -0000
  +@@ -1588,11 +1588,27 @@ static int ssl3_get_client_key_exchange(
  + 
  +             n2s(p,i);
  +             enc_ticket.length = i;
  ++
  ++            if (n < enc_ticket.length + 6)
  ++                    {
  ++                    SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
  ++                            SSL_R_DATA_LENGTH_TOO_LONG);
  ++                    goto err;
  ++                    }
  ++
  +             enc_ticket.data = (char *)p;
  +             p+=enc_ticket.length;
  + 
  +             n2s(p,i);
  +             authenticator.length = i;
  ++
  ++            if (n < enc_ticket.length + authenticator.length + 6)
  ++                    {
  ++                    SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
  ++                            SSL_R_DATA_LENGTH_TOO_LONG);
  ++                    goto err;
  ++                    }
  ++
  +             authenticator.data = (char *)p;
  +             p+=authenticator.length;
  + 
  +
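Review bot: The early-CCS guard in the s3_pkt.c part of the nested patch (the `++` lines after `/* Check we have a cipher to change to */`) reports the failure under `SSL_F_SSL3_GET_CERT_VERIFY`, yet the surrounding context (`start:`, the `rr->length` handling, `s->msg_callback`) is record-processing code rather than certificate-verify handling, so the SSL error string will point at the wrong function; the `SSLerr` call should use the function code of the enclosing function, whose name is outside the hunk. The guard also stores the alert in `i` and then does `goto err;` exactly like the existing `goto err;` two lines above it, and if the `err:` label (not visible here) does not send an alert from `i`, the peer sees a bare connection close instead of a fatal unexpected_message alert — worth confirming, since `i` is otherwise a dead store on these lines. The two s3_srvr.c length checks are correct for the ticket and authenticator lengths read inside the hunk, but the third length field that the `+ 6` accounts for (the `enc_pms` read that follows `p+=authenticator.length;`) is outside the hunk, so confirm the existing total-length check still bounds that read. Both patched functions begin and end outside this hunk.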
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/openssl/openssl.spec
  ============================================================================
  $ cvs diff -u -r1.51.2.1 -r1.51.2.2 openssl.spec
  --- openpkg-src/openssl/openssl.spec  18 Feb 2004 14:50:38 -0000      1.51.2.1
  +++ openpkg-src/openssl/openssl.spec  18 Mar 2004 09:21:34 -0000      1.51.2.2
  @@ -34,7 +34,7 @@
   Group:        Cryptography
   License:      BSD-style
   Version:      0.9.7c
  -Release:      2.0.0
  +Release:      2.0.1
   
   #   package options
   %option       with_zlib     no
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]
