From 19cbe2fba122982eaa63060355c2628572add1ef1c13afdb639311a3361390c0 Mon Sep 17 00:00:00 2001
From: OBS User autobuild
Date: Fri, 18 Jun 2010 03:17:30 +0000
Subject: [PATCH] Accepting request 41504 from Base:System Copy from Base:System/openssl based on submit request 41504 from user prusnak
OBS-URL: https://build.opensuse.org/request/show/41504
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=37
---
 CVE-2010-1633_and_CVE-2010-0742.patch | 28 +++++++++++++++++++++++++++
 openssl.changes | 12 ++++++++++++
 openssl.spec | 8 +++++++-
 3 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2010-1633_and_CVE-2010-0742.patch
diff --git a/CVE-2010-1633_and_CVE-2010-0742.patch b/CVE-2010-1633_and_CVE-2010-0742.patch
new file mode 100644
index 0000000..7a03c6d
--- /dev/null
+++ b/CVE-2010-1633_and_CVE-2010-0742.patch
@@ -0,0 +1,28 @@
+Index: openssl-1.0.0/crypto/cms/cms_asn1.c
+===================================================================
+--- openssl-1.0.0.orig/crypto/cms/cms_asn1.c
++++ openssl-1.0.0/crypto/cms/cms_asn1.c
+@@ -131,8 +131,8 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
+ } ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
+
+ ASN1_SEQUENCE(CMS_OriginatorInfo) = {
+- ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
+- ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1)
++ ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
++ ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
+ } ASN1_SEQUENCE_END(CMS_OriginatorInfo)
+
+ ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
+Index: openssl-1.0.0/crypto/rsa/rsa_pmeth.c
+===================================================================
+--- openssl-1.0.0.orig/crypto/rsa/rsa_pmeth.c
++++ openssl-1.0.0/crypto/rsa/rsa_pmeth.c
+@@ -246,6 +246,8 @@ static int pkey_rsa_verifyrecover(EVP_PK
+ ret = int_rsa_verify(EVP_MD_type(rctx->md),
+ NULL, 0, rout, &sltmp,
+ sig, siglen, ctx->pkey->pkey.rsa);
++ if (ret <= 0)
++ return 0;
+ ret = sltmp;
+ }
+ else
diff --git a/openssl.changes b/openssl.changes
index fa4892d..c66ede2 100644
--- a/openssl.changes
+++ b/openssl.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Tue Jun 15 09:53:54 UTC 2010 - bg@novell.com
+
+- -fstack-protector is not supported on hppa
+
+-------------------------------------------------------------------
+Fri Jun 4 07:11:28 UTC 2010 - gjhe@novell.com
+
+- fix bnc #610642
+ CVE-2010-0742
+ CVE-2010-1633
+
 -------------------------------------------------------------------
 Mon May 31 03:06:39 UTC 2010 - gjhe@novell.com
 
diff --git a/openssl.spec b/openssl.spec
index 4b555dd..61bfc5e 100644
--- a/openssl.spec
+++ b/openssl.spec
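Review bot: The new patch file in the `@@ -0,0 +1,28 @@` hunk bundles two unrelated fixes and has no header, so nothing in it records which hunk closes which CVE or which upstream change it was taken from. A short description block before the first `Index:` line would fix that, for example `CVE-2010-0742: crypto/cms/cms_asn1.c, CMS_OriginatorInfo template was declared against CMS_SignedData` and `CVE-2010-1633: crypto/rsa/rsa_pmeth.c, verifyrecover used sltmp after a failed int_rsa_verify`. That mapping is my reading of the two hunks and should be confirmed against the upstream advisory before it is written down. `pkey_rsa_verifyrecover` continues outside the embedded hunk, so whether the `else` branch checks its own return value before it is used as a length cannot be confirmed from here.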
@@ -32,7 +32,7 @@ Obsoletes: openssl-64bit
 %endif
 #
 Version: 1.0.0
-Release: 4
+Release: 5
 Summary: Secure Sockets and Transport Layer Security
 Url: http://www.openssl.org/
 Source: http://www.%{name}.org/source/%{name}-%{version}.tar.bz2
@@ -43,6 +43,7 @@ Source10: README.SuSE
 Patch0: merge_from_0.9.8k.patch
 Patch1: openssl-1.0.0-c_rehash-compat.diff
 Patch2: bug610223.patch
+Patch3: CVE-2010-1633_and_CVE-2010-0742.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -172,6 +173,7 @@ Authors:
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
 cp -p %{S:10} .
 echo "adding/overwriting some entries in the 'table' hash in Configure"
 # $dso_scheme:$shared_target:$shared_cflag:$shared_ldflag:$shared_extension:$ranlib:$arflags
@@ -221,8 +223,12 @@ $RPM_OPT_FLAGS \
 -fomit-frame-pointer \
 -fno-strict-aliasing \
 -DTERMIO \
+%ifnarch hppa
 -Wall \
 -fstack-protector "
+%else
+-Wall "
+%endif
 #
 #%{!?do_profiling:%define do_profiling 0}
 #%if %do_profiling
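Review bot: The `%ifnarch hppa` block in the `@@ -221,8 +223,12 @@` hunk drops `-fstack-protector` on hppa without any comment in the spec, so the only record that those builds ship without stack canaries is the changelog entry. A comment such as `# hppa: gcc does not support -fstack-protector; this arch is built without stack canaries` would document it, but it has to go above the start of the quoted flag string, which begins outside this hunk, because a `#` line inside the continued string would become part of the flags. The block also repeats `-Wall` in both branches. Keeping `-Wall \` unconditional and wrapping only `-fstack-protector \` in `%ifnarch hppa` / `%endif`, with the closing quote on its own line, would leave a single flag list to maintain.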