From 835b3ad63f0d4dee2c8cfb2b0f5645fb2bb1cc81f28a64bdadce7f7388f94e9f Mon Sep 17 00:00:00 2001 From: Otto Hollmann Date: Wed, 29 Mar 2023 07:57:50 +0000 Subject: [PATCH] Accepting request 1075073 from security:tls:unstable OBS-URL: https://build.opensuse.org/request/show/1075073 OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-3?expand=0&rev=60 --- openssl-3.changes | 7 +++ openssl-3.spec | 2 + openssl-Fix-OBJ_nid2obj-regression.patch | 64 ++++++++++++++++++++++++ 3 files changed, 73 insertions(+) create mode 100644 openssl-Fix-OBJ_nid2obj-regression.patch diff --git a/openssl-3.changes b/openssl-3.changes index 53b8f39..e4bc3dd 100644 --- a/openssl-3.changes +++ b/openssl-3.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Tue Mar 28 12:19:06 UTC 2023 - Pedro Monreal + +- Fix regression in the OBJ_nid2obj() function: [bsc#1209430] + * Upstream https://github.com/openssl/openssl/issues/20555 + * Add openssl-Fix-OBJ_nid2obj-regression.patch + ------------------------------------------------------------------- Mon Mar 27 14:44:32 UTC 2023 - Otto Hollmann diff --git a/openssl-3.spec b/openssl-3.spec index 3eefa5f..a0a62a1 100644 --- a/openssl-3.spec +++ b/openssl-3.spec @@ -50,6 +50,8 @@ Patch8: openssl-Override-default-paths-for-the-CA-directory-tree.patch Patch9: openssl-CVE-2023-0464.patch # PATCH-FIX-OPENSUSE: Fix compiler error "initializer element is not constant" on s390 Patch10: openssl-z16-s390x.patch +# PATCH-FIX-UPSTREAM: bsc#1209430 Fix regression in OBJ_nid2obj +Patch11: openssl-Fix-OBJ_nid2obj-regression.patch BuildRequires: pkgconfig BuildRequires: pkgconfig(zlib) Requires: libopenssl3 = %{version}-%{release} diff --git a/openssl-Fix-OBJ_nid2obj-regression.patch b/openssl-Fix-OBJ_nid2obj-regression.patch new file mode 100644 index 0000000..d5022aa --- /dev/null +++ b/openssl-Fix-OBJ_nid2obj-regression.patch @@ -0,0 +1,64 @@ +From 908ba3ed9adbb3df90f7684a3111ca916a45202d Mon Sep 17 00:00:00 2001 +From: Tomas Mraz +Date: Tue, 21 Mar 2023 11:36:56 +0100 +Subject: [PATCH] OBJ_nid2obj(): Return UNDEF object instead of NULL for + NID_undef + +Fixes a regression from 3.0 from the obj creation refactoring. + +Fixes #20555 + +Reviewed-by: Richard Levitte +Reviewed-by: Matt Caswell +Reviewed-by: Paul Dale +(Merged from https://github.com/openssl/openssl/pull/20556) +--- + crypto/objects/obj_dat.c | 5 ++--- + test/asn1_internal_test.c | 11 +++++++++++ + 2 files changed, 13 insertions(+), 3 deletions(-) + +Index: openssl-3.1.0/crypto/objects/obj_dat.c +=================================================================== +--- openssl-3.1.0.orig/crypto/objects/obj_dat.c ++++ openssl-3.1.0/crypto/objects/obj_dat.c +@@ -311,10 +311,9 @@ ASN1_OBJECT *OBJ_nid2obj(int n) + ADDED_OBJ ad, *adp = NULL; + ASN1_OBJECT ob; + +- if (n == NID_undef) +- return NULL; +- if (n >= 0 && n < NUM_NID && nid_objs[n].nid != NID_undef) +- return (ASN1_OBJECT *)&(nid_objs[n]); ++ if (n == NID_undef ++ || (n > 0 && n < NUM_NID && nid_objs[n].nid != NID_undef)) ++ return (ASN1_OBJECT *)&(nid_objs[n]); + + ad.type = ADDED_NID; + ad.obj = &ob; +Index: openssl-3.1.0/test/asn1_internal_test.c +=================================================================== +--- openssl-3.1.0.orig/test/asn1_internal_test.c ++++ openssl-3.1.0/test/asn1_internal_test.c +@@ -190,11 +190,22 @@ static int test_unicode_range(void) + return ok; + } + ++static int test_obj_nid_undef(void) ++{ ++ if (!TEST_ptr(OBJ_nid2obj(NID_undef)) ++ || !TEST_ptr(OBJ_nid2sn(NID_undef)) ++ || !TEST_ptr(OBJ_nid2ln(NID_undef))) ++ return 0; ++ ++ return 1; ++} ++ + int setup_tests(void) + { + ADD_TEST(test_tbl_standard); + ADD_TEST(test_standard_methods); + ADD_TEST(test_empty_nonoptional_content); + ADD_TEST(test_unicode_range); ++ ADD_TEST(test_obj_nid_undef); + return 1; + }