Hello community,

here is the log from the commit of package openssl for 
openSUSE:11.4:Update:Test checked in at 2012-03-26 15:43:13
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:11.4:Update:Test/openssl (Old)
 and      /work/SRC/openSUSE:11.4:Update:Test/.openssl.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "openssl", Maintainer is "g...@suse.com"

Changes:
--------
--- /work/SRC/openSUSE:11.4:Update:Test/openssl/openssl.changes 2012-03-19 
17:47:06.000000000 +0100
+++ /work/SRC/openSUSE:11.4:Update:Test/.openssl.new/openssl.changes    
2012-03-26 15:43:15.000000000 +0200
@@ -1,0 +2,12 @@
+Thu Mar 22 04:54:58 UTC 2012 - g...@suse.com
+
+- fix Bug[bnc#751946] - S/MIME verification may erroneously fail
+  CVE-2012-1165
+
+-------------------------------------------------------------------
+Wed Mar 21 03:00:20 UTC 2012 - g...@suse.com
+
+- fix bug[bnc#749213]-Free headers after use in error message
+  and bug[bnc#749210]-Symmetric crypto errors in PKCS7_decrypt
+
+-------------------------------------------------------------------
@@ -5,0 +18 @@
+  CVE-2006-7250

New:
----
  CVE-2012-1165.patch
  bug749210-Symmetric-crypto-errors-in-PKCS7_decrypt.patch
  bug749213-Free-headers-after-use.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ openssl.spec ++++++
--- /var/tmp/diff_new_pack.k8MudA/_old  2012-03-26 15:43:15.000000000 +0200
+++ /var/tmp/diff_new_pack.k8MudA/_new  2012-03-26 15:43:15.000000000 +0200
@@ -57,6 +57,9 @@
 Patch25:        CVE-2012-0027.patch
 Patch26:        CVE-2012-0050.patch
 Patch27:        Bug748738_Tolerate_bad_MIME_headers.patch
+Patch28:        bug749213-Free-headers-after-use.patch
+Patch29:        bug749210-Symmetric-crypto-errors-in-PKCS7_decrypt.patch
+Patch30:        CVE-2012-1165.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -201,6 +204,9 @@
 %patch25 -p1
 %patch26 -p1
 %patch27 -p1
+%patch28 -p1
+%patch29 -p1
+%patch30 -p1
 cp -p %{S:10} .
 echo "adding/overwriting some entries in the 'table' hash in Configure"
 # 
$dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags

++++++ CVE-2012-1165.patch ++++++
Index: openssl-1.0.0g/crypto/asn1/asn_mime.c
===================================================================
--- openssl-1.0.0g.orig/crypto/asn1/asn_mime.c
+++ openssl-1.0.0g/crypto/asn1/asn_mime.c
@@ -858,9 +858,8 @@ static int mime_hdr_addparam(MIME_HEADER
 static int mime_hdr_cmp(const MIME_HEADER * const *a,
                        const MIME_HEADER * const *b)
 {
-       if ((*a)->name == NULL || (*b)->name == NULL)
-               return (*a)->name - (*b)->name < 0 ? -1 :
-                       (*a)->name - (*b)->name > 0 ? 1 : 0;
+       if (!(*a)->name || !(*b)->name)
+               return !!(*a)->name - !!(*b)->name;
 
        return(strcmp((*a)->name, (*b)->name));
 }
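Review bot: Both comparators now define an ordering for entries whose name is NULL, but neither `mime_hdr_cmp` here nor `mime_param_cmp` in the next hunk documents that ordering or why a NULL name can occur. A short comment above each would record the contract, for example `/* name may be NULL for a malformed header; NULL sorts before any non-NULL name and two NULLs compare equal */`. Any sorted-stack lookup using these comparators presumably depends on that contract. These fields appear to be filled from parsed S/MIME input, so a regression test that passes a header and a parameter with a missing name through the parser would keep the NULL path covered.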
@@ -868,6 +867,8 @@ static int mime_hdr_cmp(const MIME_HEADE
 static int mime_param_cmp(const MIME_PARAM * const *a,
                        const MIME_PARAM * const *b)
 {
+       if (!(*a)->param_name || !(*b)->param_name)
+               return !!(*a)->param_name - !!(*b)->param_name;
        return(strcmp((*a)->param_name, (*b)->param_name));
 }
 
++++++ bug749210-Symmetric-crypto-errors-in-PKCS7_decrypt.patch ++++++
Index: openssl-1.0.0g/crypto/pkcs7/pk7_smime.c
===================================================================
--- openssl-1.0.0g.orig/crypto/pkcs7/pk7_smime.c
+++ openssl-1.0.0g/crypto/pkcs7/pk7_smime.c
@@ -573,15 +573,30 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *p
                        return 0;
                }
                ret = SMIME_text(bread, data);
+               if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
+               {
+                       if (!BIO_get_cipher_status(tmpmem))
+                               ret = 0;
+               }
                BIO_free_all(bread);
                return ret;
        } else {
                for(;;) {
                        i = BIO_read(tmpmem, buf, sizeof(buf));
-                       if(i <= 0) break;
+                       if(i <= 0)
+                       {
+                               ret = 1;
+                               if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
+                               {
+                                       if (!BIO_get_cipher_status(tmpmem))
+                                               ret = 0;
+                               }
+
+                               break;
+                       }
                        BIO_write(data, buf, i);
                }
                BIO_free_all(tmpmem);
-               return 1;
+               return ret;
        }
 }
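Review bot: The `BIO_write(data, buf, i)` call in the non-text loop still ignores its return value, so a failed or short write to the output BIO is reported as success whenever the cipher status check passes. Changing it to `if (BIO_write(data, buf, i) != i) { ret = 0; break; }` would close that gap. In both branches the cipher status is only checked after the last read, by which point decrypted bytes have already been written to `data`. A comment stating that callers must discard the contents of `data` when the function returns 0 would make that explicit. PKCS7_decrypt starts outside this hunk, so the initialisation of `ret` and the setup of `tmpmem` and `bread` could not be checked here.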
++++++ bug749213-Free-headers-after-use.patch ++++++
Index: openssl-1.0.0g/crypto/asn1/asn_mime.c
===================================================================
--- openssl-1.0.0g.orig/crypto/asn1/asn_mime.c
+++ openssl-1.0.0g/crypto/asn1/asn_mime.c
@@ -486,9 +486,9 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BI
 
                if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
                        strcmp(hdr->value, "application/pkcs7-signature")) {
-                       sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                        
ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE);
                        ERR_add_error_data(2, "type: ", hdr->value);
+                       sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                        sk_BIO_pop_free(parts, BIO_vfree);
                        return NULL;
                }
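Review bot: The reordering is correct only because `hdr` appears to point into `headers`, and nothing at this site records that dependency. A one-line comment before the free would help, e.g. `/* hdr is owned by headers: free only after its value has been copied into the error data */`. That would keep a later cleanup from moving `sk_MIME_HEADER_pop_free` back above `ERR_add_error_data`. SMIME_read_ASN1 starts and ends outside this hunk, so its other error paths that read `hdr->value` could not be checked here and deserve the same look.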