rpms/openssl096b/FC-3 openssl-0.9.6b-cve-2004-0079.patch, NONE, 1.1 openssl-0.9.6b-recursion.patch, NONE, 1.1 openssl.spec, 1.8, 1.9
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Oct 31 18:14:16 UTC 2005
Author: tmraz
Update of /cvs/dist/rpms/openssl096b/FC-3
In directory cvs.devel.redhat.com:/tmp/cvs-serv30698
Modified Files:
openssl.spec
Added Files:
openssl-0.9.6b-cve-2004-0079.patch
openssl-0.9.6b-recursion.patch
Log Message:
* Mon Oct 31 2005 Tomas Mraz <tmraz at redhat.com> 0.9.6b-21.42
- fix CVE-2004-0079 - prevent a null pointer assignment in
do_change_cipher_spec()
- add security fix for CVE-2003-0851 to sync with 2.1AS
openssl-0.9.6b-cve-2004-0079.patch:
s3_pkt.c | 7 +++++++
1 files changed, 7 insertions(+)
--- NEW FILE openssl-0.9.6b-cve-2004-0079.patch ---
Prevents a null-pointer assignment in the
do_change_cipher_spec() function (CVE-2004-0079).
--- openssl-engine-0.9.6b/ssl/s3_pkt.c Mon Sep 26 17:08:06 2005
+++ openssl-engine-0.9.6b/ssl/s3_pkt.c.dccs Mon Sep 26 17:12:12 2005
@@ -1035,6 +1035,13 @@
goto err;
}
+ /* Check we have a cipher to change to */
+ if (s->s3->tmp.new_cipher == NULL) {
+ al=SSL_AD_UNEXPECTED_MESSAGE;
+ SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
+ goto f_err;
+ }
+
rr->length=0;
s->s3->change_cipher_spec=1;
if (!do_change_cipher_spec(s))
openssl-0.9.6b-recursion.patch:
a_bytes.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
--- NEW FILE openssl-0.9.6b-recursion.patch ---
CAN-2003-0851
Patch from Dr Stephen N Henson to fix deep recursion in OpenSSL 0.9.6
and an issue there where OpenSSL doesn't work out the remaining length
for indefinite length constructed headers.
diff -ur -x CVS openssl6/crypto/asn1/a_bytes.c ossl6/crypto/asn1/a_bytes.c
--- openssl6/crypto/asn1/a_bytes.c 2000-06-01 23:16:27.000000000 +0100
+++ ossl6/crypto/asn1/a_bytes.c 2003-10-09 12:33:28.000000000 +0100
@@ -201,7 +201,10 @@
c.pp=pp;
c.p=p;
c.inf=inf;
- c.slen=len;
+ if (inf & 1)
+ c.slen = p - *pp;
+ else
+ c.slen=len;
c.tag=Ptag;
c.xclass=Pclass;
c.max=(length == 0)?0:(p+length);
@@ -289,7 +292,7 @@
}
c->q=c->p;
- if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass)
+ if (d2i_ASN1_bytes(&os,&c->p,c->slen,c->tag,c->xclass)
== NULL)
{
c->error=ERR_R_ASN1_LIB;
Index: openssl.spec
===================================================================
RCS file: /cvs/dist/rpms/openssl096b/FC-3/openssl.spec,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- openssl.spec 11 Oct 2005 19:26:41 -0000 1.8
+++ openssl.spec 31 Oct 2005 18:14:12 -0000 1.9
@@ -4,7 +4,7 @@
Summary: The OpenSSL toolkit.
Name: openssl096b
Version: 0.9.6b
-Release: 21.2
+Release: 21.42
Source: openssl-engine-%{version}-usa.tar.bz2
Source1: hobble-openssl
Source2: Makefile.certificate
@@ -52,6 +52,8 @@
Patch33: openssl-0.9.6b-can-2005-0109.patch
Patch34: openssl-engine-0.9.6b-dsa-consttime.patch
Patch35: openssl-0.9.6b-can-2005-2969.patch
+Patch36: openssl-0.9.6b-recursion.patch
+Patch38: openssl-0.9.6b-cve-2004-0079.patch
License: BSDish
Group: System Environment/Libraries
URL: http://www.openssl.org/
@@ -135,6 +137,8 @@
%patch33 -p1 -b .modexp-consttime
%patch34 -p1 -b .dsa-consttime
%patch35 -p0 -b .ssl2-rollback
+%patch36 -p1 -b .recursion
+%patch38 -p1 -b .dccs
chmod 644 FAQ LICENSE CHANGES NEWS INSTALL README
chmod 644 doc/README doc/c-indentation.el doc/openssl.txt
@@ -306,6 +310,11 @@
%postun -p /sbin/ldconfig
%changelog
+* Mon Oct 31 2005 Tomas Mraz <tmraz at redhat.com> 0.9.6b-21.42
+- fix CVE-2004-0079 - prevent a null pointer assignment in
+ do_change_cipher_spec()
+- add security fix for CVE-2003-0851 to sync with 2.1AS
+
* Thu Oct 6 2005 Tomas Mraz <tmraz at redhat.com> 0.9.6b-21.2
- fix CAN-2005-2969 - remove SSL_OP_MSIE_SSLV2_RSA_PADDING which
disables the countermeasure against man in the middle attack in SSLv2
More information about the fedora-cvs-commits
mailing list