Accepting request 704541 from home:vitezslav_cizek:branches:security:tls

- Fix a crash caused by long locale messages (bsc#1135550)
  * add openssl-fix_underflow_in_errstr_handling.patch

OBS-URL: https://build.opensuse.org/request/show/704541
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=34

openssl-1_1.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon May 20 16:21:01 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
+
+- Fix a crash caused by long locale messages (bsc#1135550)
+  * add openssl-fix_underflow_in_errstr_handling.patch
+
 -------------------------------------------------------------------
 Mon Mar  4 13:01:18 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
 

openssl-1_1.spec

@@ -50,6 +50,7 @@ Patch8:         0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch
 Patch9:         0001-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch
 # PATCH-FIX-UPSTREAM https://github.com/openssl/openssl/pull/8371
 Patch10:        openssl-fix-handling-of-GNU-strerror_r.patch
+Patch11:        openssl-fix_underflow_in_errstr_handling.patch
 BuildRequires:  pkgconfig
 Conflicts:      ssl
 Provides:       ssl

openssl-fix-handling-of-GNU-strerror_r.patch

@@ -1,8 +1,8 @@
-diff --git a/crypto/o_str.c b/crypto/o_str.c
-index 02578dbf0d..3b271e745b 100644
---- a/crypto/o_str.c
-+++ b/crypto/o_str.c
-@@ -223,7 +223,26 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
+Index: openssl-1.1.1b/crypto/o_str.c
+===================================================================
+--- openssl-1.1.1b.orig/crypto/o_str.c	2019-02-26 15:15:30.000000000 +0100
++++ openssl-1.1.1b/crypto/o_str.c	2019-05-20 17:06:07.956663953 +0200
+@@ -223,7 +223,26 @@ int openssl_strerror_r(int errnum, char
  #if defined(_MSC_VER) && _MSC_VER>=1400
      return !strerror_s(buf, buflen, errnum);
  #elif defined(_GNU_SOURCE)
@@ -30,7 +30,7 @@ index 02578dbf0d..3b271e745b 100644
  #elif (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) || \
        (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600)
      /*
-@@ -234,6 +253,7 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
+@@ -234,6 +253,7 @@ int openssl_strerror_r(int errnum, char
      return !strerror_r(errnum, buf, buflen);
  #else
      char *err;
@@ -38,7 +38,7 @@ index 02578dbf0d..3b271e745b 100644
      /* Fall back to non-thread safe strerror()...its all we can do */
      if (buflen < 2)
          return 0;
-@@ -241,8 +261,7 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
+@@ -241,8 +261,7 @@ int openssl_strerror_r(int errnum, char
      /* Can this ever happen? */
      if (err == NULL)
          return 0;

openssl-fix_underflow_in_errstr_handling.patch

@@ -0,0 +1,24 @@
+Index: openssl-1.1.1b/crypto/err/err.c
+===================================================================
+--- openssl-1.1.1b.orig/crypto/err/err.c	2019-02-26 15:15:30.000000000 +0100
++++ openssl-1.1.1b/crypto/err/err.c	2019-05-21 21:14:31.211536069 +0200
+@@ -185,7 +185,7 @@ static ERR_STRING_DATA *int_err_get_item
+ 
+ #ifndef OPENSSL_NO_ERR
+ /* A measurement on Linux 2018-11-21 showed about 3.5kib */
+-# define SPACE_SYS_STR_REASONS 4 * 1024
++# define SPACE_SYS_STR_REASONS 8 * 1024
+ # define NUM_SYS_STR_REASONS 127
+ 
+ static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
+@@ -225,8 +225,8 @@ static void build_SYS_str_reasons(void)
+ 
+                 str->string = cur;
+                 cnt += l;
+-                if (cnt > sizeof(strerror_pool))
+-                    cnt = sizeof(strerror_pool);
++                if (cnt >= sizeof(strerror_pool))
++                    cnt = sizeof(strerror_pool) - 1;
+                 cur += l;
+ 
+                 /*