OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/boinc-client?expand=0&rev=4

2009-01-14 23:38:19 +00:00 · 2009-01-14 23:38:19 +00:00 · c48a0ba0f9
commit c48a0ba0f9
parent f781d52c1f
3 changed files with 98 additions and 2 deletions
--- a/bnc_465676.patch
+++ b/bnc_465676.patch
@ -0,0 +1,81 @@
+diff -Naur boinc-6.2.18/checkin_notes boinc-6.2.18-mp/checkin_notes
+--- boinc-6.2.18/checkin_notes	2008-08-25 16:29:18.000000000 -0400
+++ boinc-6.2.18-mp/checkin_notes	2009-01-14 14:05:04.000000000 -0500
+@@ -1,3 +1,13 @@
+David  Jan 12 2009 
+    - lib: check return values of RSA_*() functions. 
+       Also fix a memory leak, missing RSA_free(). 
+       Fixes #823. 
+
+    lib/ 
+       crypt.cpp 
+       error_numbers.h 
+       str_util.cpp 
+
+ David  Jan 1 2008
+     - fixed bug in upgrade
+ 
+diff -Naur boinc-6.2.18/lib/crypt.C boinc-6.2.18-mp/lib/crypt.C
+--- boinc-6.2.18/lib/crypt.C	2008-08-25 16:27:59.000000000 -0400
+++ boinc-6.2.18-mp/lib/crypt.C	2009-01-14 14:08:24.000000000 -0500
+@@ -210,7 +210,7 @@
+ // The output block must be decrypted in its entirety.
+ //
+ int encrypt_private(R_RSA_PRIVATE_KEY& key, DATA_BLOCK& in, DATA_BLOCK& out) {
+-    int n, modulus_len;
+    int n, modulus_len, retval;
+ 
+     modulus_len = (key.bits+7)/8;
+     n = in.len;
+@@ -219,17 +219,27 @@
+     }
+     RSA* rp = RSA_new();
+     private_to_openssl(key, rp);
+-    RSA_private_encrypt(n, in.data, out.data, rp, RSA_PKCS1_PADDING);
+    retval = RSA_private_encrypt(n, in.data, out.data, rp, RSA_PKCS1_PADDING);
+    if (retval < 0) { 
+	RSA_free(rp); 
+	return ERR_CRYPTO; 
+    } 
+     out.len = RSA_size(rp);
+     RSA_free(rp);
+     return 0;
+ }
+ 
+ int decrypt_public(R_RSA_PUBLIC_KEY& key, DATA_BLOCK& in, DATA_BLOCK& out) {
+    int retval; 
+     RSA* rp = RSA_new();
+     public_to_openssl(key, rp);
+-    RSA_public_decrypt(in.len, in.data, out.data, rp, RSA_PKCS1_PADDING);
+    retval = RSA_public_decrypt(in.len, in.data, out.data, rp, RSA_PKCS1_PADDING);
+    if (retval < 0) { 
+	RSA_free(rp); 
+	return ERR_CRYPTO; 
+    } 
+     out.len = RSA_size(rp);
+    RSA_free(rp); 
+     return 0;
+ }
+ 
+diff -Naur boinc-6.2.18/lib/error_numbers.h boinc-6.2.18-mp/lib/error_numbers.h
+--- boinc-6.2.18/lib/error_numbers.h	2008-08-25 16:27:59.000000000 -0400
+++ boinc-6.2.18-mp/lib/error_numbers.h	2009-01-14 14:12:59.000000000 -0500
+@@ -187,6 +187,7 @@
+ #define ERR_CHILD_FAILED    -228
+ #define ERR_SYMLINK         -229
+ #define ERR_DB_CONN_LOST    -230
+#define ERR_CRYPTO           -231
+ 
+ // PLEASE: add a text description of your error to 
+ // the text description function boincerror() in str_util.C.
+diff -Naur boinc-6.2.18/lib/str_util.C boinc-6.2.18-mp/lib/str_util.C
+--- boinc-6.2.18/lib/str_util.C	2008-08-25 16:27:59.000000000 -0400
+++ boinc-6.2.18-mp/lib/str_util.C	2009-01-14 14:13:57.000000000 -0500
+@@ -735,6 +735,7 @@
+         case ERR_BAD_FILENAME: return "file name is empty or has '..'";
+         case ERR_TOO_MANY_EXITS: return "application exited too many times";
+         case ERR_RMDIR: return "rmdir() failed";
+        case ERR_CRYPTO: return "encryption error";
+         case 404: return "HTTP file not found";
+         case 407: return "HTTP proxy authentication failure";
+         case 416: return "HTTP range request error";
--- a/boinc-client.changes
+++ b/boinc-client.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Wed Jan 14 14:39:47 EST 2009 - mauro@suse.de
+
+- Added bnc_465676.patch to fix bnc#465676. 
+  + Fixes CVE-2008-5077
+  + check return values of RSA_*() functions.
+  + fix a memory leak, missing RSA_free(). 
+
 -------------------------------------------------------------------
 Tue Dec 23 20:24:44 CET 2008 - mauro@suse.de

--- a/boinc-client.spec
+++ b/boinc-client.spec
@ -21,7 +21,7 @@
 Name:           boinc-client
 Summary:        The Berkeley Open Infrastructure for Network Computing (BOINC)
 Version:        6.2.18
-Release:        3
+Release:        5
 Url:            http://boinc.berkeley.edu/
 Source0:        boinc-%{version}.tar.bz2
 Source1:        boinc-icons.tar.bz2
@ -36,6 +36,7 @@ Patch4:         boinc-subdirs.patch
 Patch5:         bnc-431510.patch
 Patch6:         bnc_439037.patch
 Patch7:         bnc_442904.patch
+Patch8:         bnc_465676.patch
 License:        LGPL v2.1 only
 Group:          Productivity/Clustering/Computing
 BuildRequires:  libcurl-devel >= 7.15.2 python-mysql update-desktop-files
@ -155,6 +156,7 @@ mkdir $RPM_BUILD_ROOT
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1 
 tar -xvjf %{S:1}

 %build
@ -241,13 +243,18 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/*a

 %changelog
+* Wed Jan 14 2009 mauro@suse.de
+- Added bnc_465676.patch to fix bnc#465676.
+  + Fixes CVE-2008-5077
+  + check return values of RSA_*() functions.
+  + fix a memory leak, missing RSA_free().
 * Tue Dec 23 2008 mauro@suse.de
 - Added bnc_442904.patch to fix bnc#442904.
  + Use the proper delete.
 * Mon Nov 03 2008 mauro@suse.de
 - Add bnc_439037.patch to fix bnc#439037. We now use strcmp
  instead of the original ==.
-* Sat Oct 04 2008 mauro@suse.de
+* Fri Oct 03 2008 mauro@suse.de
 - Add bnc-431510.patch to fix bnc#431510.
 * Mon Sep 08 2008 mauro@suse.de
 - initial package for SuSE. boinc 6.2.18 (based on the enzokiel's