From c48a0ba0f9edb403e5a02354e44372c95dce09be05a2aac2f58f0b249a99c48a Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Wed, 14 Jan 2009 23:38:19 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/boinc-client?expand=0&rev=4 --- bnc_465676.patch | 81 ++++++++++++++++++++++++++++++++++++++++++++ boinc-client.changes | 8 +++++ boinc-client.spec | 11 ++++-- 3 files changed, 98 insertions(+), 2 deletions(-) create mode 100644 bnc_465676.patch diff --git a/bnc_465676.patch b/bnc_465676.patch new file mode 100644 index 0000000..4ab6b92 --- /dev/null +++ b/bnc_465676.patch @@ -0,0 +1,81 @@ +diff -Naur boinc-6.2.18/checkin_notes boinc-6.2.18-mp/checkin_notes +--- boinc-6.2.18/checkin_notes 2008-08-25 16:29:18.000000000 -0400 ++++ boinc-6.2.18-mp/checkin_notes 2009-01-14 14:05:04.000000000 -0500 +@@ -1,3 +1,13 @@ ++David Jan 12 2009 ++ - lib: check return values of RSA_*() functions. ++ Also fix a memory leak, missing RSA_free(). ++ Fixes #823. ++ ++ lib/ ++ crypt.cpp ++ error_numbers.h ++ str_util.cpp ++ + David Jan 1 2008 + - fixed bug in upgrade + +diff -Naur boinc-6.2.18/lib/crypt.C boinc-6.2.18-mp/lib/crypt.C +--- boinc-6.2.18/lib/crypt.C 2008-08-25 16:27:59.000000000 -0400 ++++ boinc-6.2.18-mp/lib/crypt.C 2009-01-14 14:08:24.000000000 -0500 +@@ -210,7 +210,7 @@ + // The output block must be decrypted in its entirety. + // + int encrypt_private(R_RSA_PRIVATE_KEY& key, DATA_BLOCK& in, DATA_BLOCK& out) { +- int n, modulus_len; ++ int n, modulus_len, retval; + + modulus_len = (key.bits+7)/8; + n = in.len; +@@ -219,17 +219,27 @@ + } + RSA* rp = RSA_new(); + private_to_openssl(key, rp); +- RSA_private_encrypt(n, in.data, out.data, rp, RSA_PKCS1_PADDING); ++ retval = RSA_private_encrypt(n, in.data, out.data, rp, RSA_PKCS1_PADDING); ++ if (retval < 0) { ++ RSA_free(rp); ++ return ERR_CRYPTO; ++ } + out.len = RSA_size(rp); + RSA_free(rp); + return 0; + } + + int decrypt_public(R_RSA_PUBLIC_KEY& key, DATA_BLOCK& in, DATA_BLOCK& out) { ++ int retval; + RSA* rp = RSA_new(); + public_to_openssl(key, rp); +- RSA_public_decrypt(in.len, in.data, out.data, rp, RSA_PKCS1_PADDING); ++ retval = RSA_public_decrypt(in.len, in.data, out.data, rp, RSA_PKCS1_PADDING); ++ if (retval < 0) { ++ RSA_free(rp); ++ return ERR_CRYPTO; ++ } + out.len = RSA_size(rp); ++ RSA_free(rp); + return 0; + } + +diff -Naur boinc-6.2.18/lib/error_numbers.h boinc-6.2.18-mp/lib/error_numbers.h +--- boinc-6.2.18/lib/error_numbers.h 2008-08-25 16:27:59.000000000 -0400 ++++ boinc-6.2.18-mp/lib/error_numbers.h 2009-01-14 14:12:59.000000000 -0500 +@@ -187,6 +187,7 @@ + #define ERR_CHILD_FAILED -228 + #define ERR_SYMLINK -229 + #define ERR_DB_CONN_LOST -230 ++#define ERR_CRYPTO -231 + + // PLEASE: add a text description of your error to + // the text description function boincerror() in str_util.C. +diff -Naur boinc-6.2.18/lib/str_util.C boinc-6.2.18-mp/lib/str_util.C +--- boinc-6.2.18/lib/str_util.C 2008-08-25 16:27:59.000000000 -0400 ++++ boinc-6.2.18-mp/lib/str_util.C 2009-01-14 14:13:57.000000000 -0500 +@@ -735,6 +735,7 @@ + case ERR_BAD_FILENAME: return "file name is empty or has '..'"; + case ERR_TOO_MANY_EXITS: return "application exited too many times"; + case ERR_RMDIR: return "rmdir() failed"; ++ case ERR_CRYPTO: return "encryption error"; + case 404: return "HTTP file not found"; + case 407: return "HTTP proxy authentication failure"; + case 416: return "HTTP range request error"; diff --git a/boinc-client.changes b/boinc-client.changes index 53000d8..5983e43 100644 --- a/boinc-client.changes +++ b/boinc-client.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Wed Jan 14 14:39:47 EST 2009 - mauro@suse.de + +- Added bnc_465676.patch to fix bnc#465676. + + Fixes CVE-2008-5077 + + check return values of RSA_*() functions. + + fix a memory leak, missing RSA_free(). + ------------------------------------------------------------------- Tue Dec 23 20:24:44 CET 2008 - mauro@suse.de diff --git a/boinc-client.spec b/boinc-client.spec index 8c0683a..bec1ea4 100644 --- a/boinc-client.spec +++ b/boinc-client.spec @@ -21,7 +21,7 @@ Name: boinc-client Summary: The Berkeley Open Infrastructure for Network Computing (BOINC) Version: 6.2.18 -Release: 3 +Release: 5 Url: http://boinc.berkeley.edu/ Source0: boinc-%{version}.tar.bz2 Source1: boinc-icons.tar.bz2 @@ -36,6 +36,7 @@ Patch4: boinc-subdirs.patch Patch5: bnc-431510.patch Patch6: bnc_439037.patch Patch7: bnc_442904.patch +Patch8: bnc_465676.patch License: LGPL v2.1 only Group: Productivity/Clustering/Computing BuildRequires: libcurl-devel >= 7.15.2 python-mysql update-desktop-files @@ -155,6 +156,7 @@ mkdir $RPM_BUILD_ROOT %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 tar -xvjf %{S:1} %build @@ -241,13 +243,18 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/*a %changelog +* Wed Jan 14 2009 mauro@suse.de +- Added bnc_465676.patch to fix bnc#465676. + + Fixes CVE-2008-5077 + + check return values of RSA_*() functions. + + fix a memory leak, missing RSA_free(). * Tue Dec 23 2008 mauro@suse.de - Added bnc_442904.patch to fix bnc#442904. + Use the proper delete. * Mon Nov 03 2008 mauro@suse.de - Add bnc_439037.patch to fix bnc#439037. We now use strcmp instead of the original ==. -* Sat Oct 04 2008 mauro@suse.de +* Fri Oct 03 2008 mauro@suse.de - Add bnc-431510.patch to fix bnc#431510. * Mon Sep 08 2008 mauro@suse.de - initial package for SuSE. boinc 6.2.18 (based on the enzokiel's