Accepting request 1075073 from security:tls:unstable

OBS-URL: https://build.opensuse.org/request/show/1075073 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=60
2023-03-29 07:57:50 +00:00 · 2023-03-29 07:57:50 +00:00 · 835b3ad63f
commit 835b3ad63f
parent e4ef647823
3 changed files with 73 additions and 0 deletions
--- a/openssl-3.changes
+++ b/openssl-3.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Mar 28 12:19:06 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
+
+- Fix regression in the OBJ_nid2obj() function: [bsc#1209430]
+  * Upstream https://github.com/openssl/openssl/issues/20555
+  * Add openssl-Fix-OBJ_nid2obj-regression.patch
+
 -------------------------------------------------------------------
 Mon Mar 27 14:44:32 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>

--- a/openssl-3.spec
+++ b/openssl-3.spec
@ -50,6 +50,8 @@ Patch8:         openssl-Override-default-paths-for-the-CA-directory-tree.patch
 Patch9:         openssl-CVE-2023-0464.patch
 # PATCH-FIX-OPENSUSE: Fix compiler error "initializer element is not constant" on s390
 Patch10:        openssl-z16-s390x.patch
+# PATCH-FIX-UPSTREAM: bsc#1209430 Fix regression in OBJ_nid2obj
+Patch11:        openssl-Fix-OBJ_nid2obj-regression.patch
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(zlib)
 Requires:       libopenssl3 = %{version}-%{release}
--- a/openssl-Fix-OBJ_nid2obj-regression.patch
+++ b/openssl-Fix-OBJ_nid2obj-regression.patch
@ -0,0 +1,64 @@
+From 908ba3ed9adbb3df90f7684a3111ca916a45202d Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Tue, 21 Mar 2023 11:36:56 +0100
+Subject: [PATCH] OBJ_nid2obj(): Return UNDEF object instead of NULL for
+ NID_undef
+
+Fixes a regression from 3.0 from the obj creation refactoring.
+
+Fixes #20555
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/20556)
+---
+ crypto/objects/obj_dat.c  |  5 ++---
+ test/asn1_internal_test.c | 11 +++++++++++
+ 2 files changed, 13 insertions(+), 3 deletions(-)
+
+Index: openssl-3.1.0/crypto/objects/obj_dat.c
+===================================================================
+--- openssl-3.1.0.orig/crypto/objects/obj_dat.c
+++ openssl-3.1.0/crypto/objects/obj_dat.c
+@@ -311,10 +311,9 @@ ASN1_OBJECT *OBJ_nid2obj(int n)
+     ADDED_OBJ ad, *adp = NULL;
+     ASN1_OBJECT ob;
+ 
+-    if (n == NID_undef)
+-        return NULL;
+-    if (n >= 0 && n < NUM_NID && nid_objs[n].nid != NID_undef)
+-            return (ASN1_OBJECT *)&(nid_objs[n]);
+    if (n == NID_undef
+        || (n > 0 && n < NUM_NID && nid_objs[n].nid != NID_undef))
+        return (ASN1_OBJECT *)&(nid_objs[n]);
+ 
+     ad.type = ADDED_NID;
+     ad.obj = &ob;
+Index: openssl-3.1.0/test/asn1_internal_test.c
+===================================================================
+--- openssl-3.1.0.orig/test/asn1_internal_test.c
+++ openssl-3.1.0/test/asn1_internal_test.c
+@@ -190,11 +190,22 @@ static int test_unicode_range(void)
+     return ok;
+ }
+ 
+static int test_obj_nid_undef(void)
+{
+    if (!TEST_ptr(OBJ_nid2obj(NID_undef))
+        || !TEST_ptr(OBJ_nid2sn(NID_undef))
+        || !TEST_ptr(OBJ_nid2ln(NID_undef)))
+        return 0;
+
+    return 1;
+}
+
+ int setup_tests(void)
+ {
+     ADD_TEST(test_tbl_standard);
+     ADD_TEST(test_standard_methods);
+     ADD_TEST(test_empty_nonoptional_content);
+     ADD_TEST(test_unicode_range);
+    ADD_TEST(test_obj_nid_undef);
+     return 1;
+ }